CreateMembers

Creates member accounts of the current AWS account by specifying a list of AWS account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.

As a delegated administrator, using CreateMembers will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account. A delegated administrator must enable GuardDuty prior to being added as a member.

If you are adding accounts by invitation, before using InviteMembers, use CreateMembers after GuardDuty has been enabled in potential member accounts.

If you disassociate a member from a GuardDuty delegated administrator, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.

Request Syntax

POST /detector/detectorId/member HTTP/1.1
Content-type: application/json

{
   "accountDetails": [ 
      { 
         "accountId": "string",
         "email": "string"
      }
   ]
}

URI Request Parameters

The request uses the following URI parameters.

detectorId

The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

Request Body

The request accepts the following data in JSON format.

accountDetails

A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.

Type: Array of AccountDetail objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: Yes

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "unprocessedAccounts": [ 
      { 
         "accountId": "string",
         "result": "string"
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

unprocessedAccounts

A list of objects that include the accountIds of the unprocessed accounts and a result string that explains why each was unprocessed.

Type: Array of UnprocessedAccount objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Errors

For information about the errors that are common to all actions, see Common Errors.

BadRequestException

A bad request exception object.

HTTP Status Code: 400

InternalServerErrorException

An internal server error exception object.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3