AWS::GuardDuty::Member - AWS CloudFormation

AWS::GuardDuty::Member

You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty administrator account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::GuardDuty::Member",
  "Properties" : {
    "DetectorId" : String,
    "DisableEmailNotification" : Boolean,
    "Email" : String,
    "MemberId" : String,
    "Message" : String,
    "Status" : String
  }
}

YAML

Type: AWS::GuardDuty::Member
Properties:
  DetectorId: String
  DisableEmailNotification: Boolean
  Email: String
  MemberId: String
  Message: String
  Status: String

Properties

DetectorId

The ID of the detector associated with the GuardDuty service to add the member to.

Required: No

Type: String

Update requires: Replacement

DisableEmailNotification

Specifies whether or not to disable email notification for the member account that you invite.

Required: No

Type: Boolean

Update requires: No interruption

Email

The email address associated with the member account.

Required: Yes

Type: String

Update requires: No interruption

MemberId

The AWS account ID of the account to designate as a member.

Required: No

Type: String

Update requires: Replacement

Message

The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.

Required: No

Type: String

Update requires: No interruption

Status

You can use the Status property to update the status of the relationship between the member account and its administrator account. Valid values are Created and Invited when using an AWS::GuardDuty::Member resource. If the value for this property is not provided or set to Created, a member account is created but not invited. If the value of this property is set to Invited, a member account is created and invited.

Required: No

Type: String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the unique ID of the GuardDuty member account, such as 012345678901.

For more information about using the Ref function, see Ref.

Examples

Declare a Member Resource

The following example shows how to declare a GuardDuty Member resource:

JSON

"GDmaster": {
  "Type": "AWS::GuardDuty::Member",
  "Properties": {
    "Status": "Invited",
    "MemberId": "012345678901",
    "Email": "guarddutymember@amazon.com",
    "Message": "You are invited to enable Amazon Guardduty.",
    "DetectorId": "a12abc34d567e8fa901bc2d34e56789f0",
    "DisableEmailNotification": true
  }
}

YAML

GDmaster:
  Type: AWS::GuardDuty::Member
  Properties:
    Status: Invited
    # Quoted so the account ID stays a string and keeps its leading zero
    MemberId: "012345678901"
    Email: guarddutymember@amazon.com
    Message: You are invited to enable Amazon Guardduty.
    DetectorId: a12abc34d567e8fa901bc2d34e56789f0
    DisableEmailNotification: true
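
The following pre-deployment check is an added example, not part of the AWS documentation or any AWS tool. It applies the property rules described on this page (Email required, Status limited to Created or Invited, MemberId as a string) to a parsed JSON template. The function name, the resource names and the sample template are constructed for illustration, and the 12-digit check assumes the standard AWS account ID format.

```python
import json
import re

VALID_STATUS = {"Created", "Invited"}  # values this page lists for Status


def check_members(template: dict) -> list:
    """Return findings for every AWS::GuardDuty::Member in a parsed template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::GuardDuty::Member":
            continue
        props = res.get("Properties", {})
        # Email is the only property this page marks as required.
        if not props.get("Email"):
            findings.append(f"{name}: Email is required")
        # MemberId is a String; a bare number silently drops leading zeros.
        # Intrinsic functions such as {"Ref": ...} are dicts and are skipped.
        member_id = props.get("MemberId")
        if member_id is not None and not isinstance(member_id, dict):
            if not (isinstance(member_id, str) and re.fullmatch(r"\d{12}", member_id)):
                findings.append(f"{name}: MemberId must be a quoted 12-digit string")
        status = props.get("Status")
        if status is None or status == "Created":
            # Valid, but the member account never receives an invitation.
            findings.append(f"{name}: member is created but not invited")
        elif not isinstance(status, dict) and status not in VALID_STATUS:
            findings.append(f"{name}: Status {status!r} is not Created or Invited")
    return findings


# Constructed sample template: one correct member, one with three defects.
SAMPLE = json.loads("""
{"Resources": {
  "GoodMember": {"Type": "AWS::GuardDuty::Member", "Properties": {
    "Status": "Invited", "MemberId": "012345678901",
    "Email": "member@example.com", "DetectorId": {"Ref": "Detector"}}},
  "BadMember": {"Type": "AWS::GuardDuty::Member", "Properties": {
    "MemberId": 12345678901, "Status": "Enabled"}}
}}
""")

if __name__ == "__main__":
    for finding in check_members(SAMPLE):
        print(finding)
```
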