EnableOrganizationAdminAccount
Designates the Detective administrator account for the organization in the current Region.
If the account does not have Detective enabled, then enables Detective for that account and creates a new behavior graph.
Can only be called by the organization management account.
If the organization has a delegated administrator account in Organizations, then the Detective administrator account must be either the delegated administrator account or the organization management account.
If the organization does not have a delegated administrator account in Organizations, then you can choose any account in the organization. If you choose an account other than the organization management account, Detective calls Organizations to make that account the delegated administrator account for Detective. The organization management account cannot be the delegated administrator account.
Request Syntax
POST /orgs/enableAdminAccount HTTP/1.1
Content-type: application/json
{
"AccountId": "string
"
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- AccountId
-
The AWS account identifier of the account to designate as the Detective administrator account for the organization.
Type: String
Length Constraints: Fixed length of 12.
Pattern:
^[0-9]+$
Required: Yes
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
The request issuer does not have permission to access this resource or perform this operation.
HTTP Status Code: 403
- InternalServerException
-
The request was valid but failed because of a problem with the service.
HTTP Status Code: 500
- TooManyRequestsException
-
The request cannot be completed because too many other requests are occurring at the same time.
HTTP Status Code: 429
- ValidationException
-
The request parameters are invalid.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of EnableOrganizationAdminAccount.
Sample Request
POST /orgs/enableAdminAccount HTTP/1.1
Host: api.detective.us-west-2.amazonaws.com
Accept-Encoding: identity
Content-Length: 28
Authorization: AUTHPARAMS
X-Amz-Date: 20210923T193018Z
User-Agent: aws-cli/1.14.29 Python/2.7.9 Windows/8 botocore/1.8.33
{
"AccountId": "111122223333"
}
Example
This example illustrates one usage of EnableOrganizationAdminAccount.
Sample Response
HTTP/1.1 200 OK
Content-Length: 0
Date: Thu, 23 Sep 2021 23:07:46 GMT
x-amzn-RequestId: 397d0549-0092-11e8-a0ee-a7f9aa6e7572
Connection: Keep-alive
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: