Note: You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . managedblockchain ]



Creates a member within a Managed Blockchain network.

Applies only to Hyperledger Fabric.

See also: AWS API Documentation


[--client-request-token <value>]
--invitation-id <value>
--network-id <value>
--member-configuration <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--endpoint-url <value>]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]


--client-request-token (string)

A unique, case-sensitive identifier that you provide to ensure the idempotency of the operation. An idempotent operation completes no more than one time. This identifier is required only if you make a service request directly using an HTTP client. It is generated automatically if you use an Amazon Web Services SDK or the CLI.

--invitation-id (string)

The unique identifier of the invitation that is sent to the member to join the network.

--network-id (string)

The unique identifier of the network in which the member is created.

--member-configuration (structure)

Member configuration parameters.

Name -> (string)

The name of the member.

Description -> (string)

An optional description of the member.

FrameworkConfiguration -> (structure)

Configuration properties of the blockchain framework relevant to the member.

Fabric -> (structure)

Attributes of Hyperledger Fabric for a member on a Managed Blockchain network that uses Hyperledger Fabric.

AdminUsername -> (string)

The user name for the member's initial administrative user.

AdminPassword -> (string)

The password for the member's initial administrative user. The AdminPassword must be at least eight characters long and no more than 32 characters. It must contain at least one uppercase letter, one lowercase letter, and one digit. It cannot have a single quotation mark (‘), a double quotation marks (“), a forward slash(/), a backward slash(), @, or a space.

LogPublishingConfiguration -> (structure)

Configuration properties for logging events associated with a member of a Managed Blockchain network.

Fabric -> (structure)

Configuration properties for logging events associated with a member of a Managed Blockchain network using the Hyperledger Fabric framework.

CaLogs -> (structure)

Configuration properties for logging events associated with a member's Certificate Authority (CA). CA logs help you determine when a member in your account joins the network, or when new peers register with a member CA.

Cloudwatch -> (structure)

Parameters for publishing logs to Amazon CloudWatch Logs.

Enabled -> (boolean)

Indicates whether logging is enabled.

Tags -> (map)

Tags assigned to the member. Tags consist of a key and optional value. For more information about tags, see Tagging Resources in the Amazon Managed Blockchain Hyperledger Fabric Developer Guide .

When specifying tags during creation, you can specify multiple key-value pairs in a single request, with an overall maximum of 50 tags added to each resource.

key -> (string)

value -> (string)

KmsKeyArn -> (string)

The Amazon Resource Name (ARN) of the customer managed key in Key Management Service (KMS) to use for encryption at rest in the member. This parameter is inherited by any nodes that this member creates. For more information, see Encryption at Rest in the Amazon Managed Blockchain Hyperledger Fabric Developer Guide .

Use one of the following options to specify this parameter:

  • Undefined or empty string - By default, use an KMS key that is owned and managed by Amazon Web Services on your behalf.
  • A valid symmetric customer managed KMS key - Use the specified KMS key in your account that you create, own, and manage. Amazon Managed Blockchain doesn't support asymmetric keys. For more information, see Using symmetric and asymmetric keys in the Key Management Service Developer Guide . The following is an example of a KMS key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

JSON Syntax:

  "Name": "string",
  "Description": "string",
  "FrameworkConfiguration": {
    "Fabric": {
      "AdminUsername": "string",
      "AdminPassword": "string"
  "LogPublishingConfiguration": {
    "Fabric": {
      "CaLogs": {
        "Cloudwatch": {
          "Enabled": true|false
  "Tags": {"string": "string"
  "KmsKeyArn": "string"

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command's default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination.

--output (string)

The formatting style for command output.

  • json
  • text
  • table

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.


MemberId -> (string)

The unique identifier of the member.