UpdateMemberDetectors - Amazon GuardDuty


Contains information on member accounts to be updated.

Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Request Syntax

POST /detector/detectorId/member/detector/update HTTP/1.1 Content-type: application/json { "accountIds": [ "string" ], "dataSources": { "kubernetes": { "auditLogs": { "enable": boolean } }, "malwareProtection": { "scanEc2InstanceWithFindings": { "ebsVolumes": boolean } }, "s3Logs": { "enable": boolean } }, "features": [ { "additionalConfiguration": [ { "name": "string", "status": "string" } ], "name": "string", "status": "string" } ] }

URI Request Parameters

The request uses the following URI parameters.


The detector ID of the administrator account.

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

Request Body

The request accepts the following data in JSON format.


A list of member account IDs to be updated.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Length Constraints: Fixed length of 12.

Required: Yes


This parameter has been deprecated.

Describes which data sources will be updated.

Type: DataSourceConfigurations object

Required: No


A list of features that will be updated for the specified member accounts.

Type: Array of MemberFeaturesConfiguration objects

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "unprocessedAccounts": [ { "accountId": "string", "result": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

Type: Array of UnprocessedAccount objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.


For information about the errors that are common to all actions, see Common Errors.


A bad request exception object.

HTTP Status Code: 400


An internal server error exception object.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: