CreateGraph - Amazon Detective

CreateGraph

Creates a new behavior graph for the calling account, and sets that account as the administrator account. This operation is called by the account that is enabling Detective.

Before you try to enable Detective, make sure that your account has been enrolled in Amazon GuardDuty for at least 48 hours. If you do not meet this requirement, you cannot enable Detective. If you do meet the GuardDuty prerequisite, then when you make the request to enable Detective, it checks whether your data volume is within the Detective quota. If it exceeds the quota, then you cannot enable Detective.

The operation also enables Detective for the calling account in the currently selected Region. It returns the ARN of the new behavior graph.

CreateGraph triggers a process to create the corresponding data tables for the new behavior graph.

An account can only be the administrator account for one behavior graph within a Region. If the same account calls CreateGraph with the same administrator account, it always returns the same behavior graph ARN. It does not create a new behavior graph.

Request Syntax

POST /graph HTTP/1.1 Content-type: application/json { "Tags": { "string" : "string" } }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

Tags

The tags to assign to the new behavior graph. You can add up to 50 tags. For each tag, you provide the tag key and the tag value. Each tag key can contain up to 128 characters. Each tag value can contain up to 256 characters.

Type: String to string map

Map Entries: Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Maximum length of 256.

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "GraphArn": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

GraphArn

The ARN of the new behavior graph.

Type: String

Pattern: ^arn:aws[-\w]{0,10}?:detective:[-\w]{2,20}?:\d{12}?:graph:[abcdef\d]{32}?$

Errors

For information about the errors that are common to all actions, see Common Errors.

ConflictException

The request attempted an invalid action.

HTTP Status Code: 409

InternalServerException

The request was valid but failed because of a problem with the service.

HTTP Status Code: 500

ServiceQuotaExceededException

This request cannot be completed for one of the following reasons.

  • The request would cause the number of member accounts in the behavior graph to exceed the maximum allowed. A behavior graph cannot have more than 1200 member accounts.

  • The request would cause the data rate for the behavior graph to exceed the maximum allowed.

  • Detective is unable to verify the data rate for the member account. This is usually because the member account is not enrolled in Amazon GuardDuty.

HTTP Status Code: 402

Examples

Example

This example illustrates one usage of CreateGraph.

Sample Request

POST /graph HTTP/1.1 Host: api.detective.us-west-2.amazonaws.com Accept-Encoding: identity Content-Length: 50 Authorization: AUTHPARAMS X-Amz-Date: 20200122T193018Z User-Agent: aws-cli/1.14.29 Python/2.7.9 Windows/8 botocore/1.8.33 { "Tags": { "Department" : "Finance" } }

Example

This example illustrates one usage of CreateGraph.

Sample Response

HTTP/1.1 200 OK Content-Type: application/json Content-Length: 94 Date: Wed, 22 Jan 2020 23:07:46 GMT x-amzn-RequestId: 397d0549-0092-11e8-a0ee-a7f9aa6e7572 Connection: Keep-alive { "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899" }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: