AWS Security Hub
API Reference (API Version 2018-10-26)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

CreateMembers

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the master account. To successfully create a member, you must use this action from an account that already has Security Hub enabled. You can use the EnableSecurityHub to enable Security Hub.

After you use CreateMembers to create member account associations in Security Hub, you need to use the InviteMembers action, which invites the accounts to enable Security Hub and become member accounts in Security Hub. If the invitation is accepted by the account owner, the account becomes a member account in Security Hub, and a permission policy is added that permits the master account to view the findings generated in the member account. When Security Hub is enabled in the invited account, findings start being sent to both the member and master accounts.

You can remove the association between the master and member accounts by using the DisassociateFromMasterAccount or DisassociateMembers operation.

Request Syntax

POST /members HTTP/1.1 Content-type: application/json { "AccountDetails": [ { "AccountId": "string", "Email": "string" } ] }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

AccountDetails

A list of account ID and email address pairs of the accounts to associate with the Security Hub master account.

Type: Array of AccountDetails objects

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "UnprocessedAccounts": [ { "AccountId": "string", "ProcessingResult": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UnprocessedAccounts

A list of account ID and email address pairs of the AWS accounts that weren't processed.

Type: Array of Result objects

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalException

Internal server error.

HTTP Status Code: 500

InvalidAccessException

AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401

InvalidInputException

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

HTTP Status Code: 400

LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

HTTP Status Code: 429

ResourceConflictException

The resource specified in the request conflicts with an existing resource.

HTTP Status Code: 409

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: