CreateMembers - AWS Security Hub


Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the master account. To successfully create a member, you must use this action from an account that already has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.

After you use CreateMembers to create member account associations in Security Hub, you must use the InviteMembers operation to invite the accounts to enable Security Hub and become member accounts in Security Hub.

If the account owner accepts the invitation, the account becomes a member account in Security Hub. A permissions policy is added that permits the master account to view the findings generated in the member account. When Security Hub is enabled in the invited account, findings start to be sent to both the member and master accounts.

To remove the association between the master and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.

Request Syntax

POST /members HTTP/1.1 Content-type: application/json { "AccountDetails": [ { "AccountId": "string", "Email": "string" } ] }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


The list of accounts to associate with the Security Hub master account. For each account, the list includes the account ID and the email address.

Type: Array of AccountDetails objects

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "UnprocessedAccounts": [ { "AccountId": "string", "ProcessingResult": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The list of AWS accounts that were not processed. For each account, the list includes the account ID and the email address.

Type: Array of Result objects


For information about the errors that are common to all actions, see Common Errors.


Internal server error.

HTTP Status Code: 500


AWS Security Hub isn't enabled for the account used to make this request.

HTTP Status Code: 401


The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

HTTP Status Code: 400


The request was rejected because it attempted to create resources beyond the current AWS account limits. The error code describes the limit exceeded.

HTTP Status Code: 429


The resource specified in the request conflicts with an existing resource.

HTTP Status Code: 409

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: