DeleteMembers
Removes the specified member accounts from the behavior graph. The removed accounts no longer contribute data to the behavior graph. This operation can only be called by the administrator account for the behavior graph.
For invited accounts, the removed accounts are deleted from the list of accounts in the behavior graph. To restore the account, the administrator account must send another invitation.
For organization accounts in the organization behavior graph, the Detective
administrator account can always enable the organization account again. Organization
accounts that are not enabled as member accounts are not included in the
ListMembers results for the organization behavior graph.
An administrator account cannot use DeleteMembers to remove their own
account from the behavior graph. To disable a behavior graph, the administrator account
uses the DeleteGraph API method.
Request Syntax
POST /graph/members/removal HTTP/1.1
Content-type: application/json
{
"AccountIds": [ "string" ],
"GraphArn": "string"
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- AccountIds
-
The list of AWS account identifiers for the member accounts to remove from the behavior graph. You can remove up to 50 member accounts at a time.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 50 items.
Length Constraints: Fixed length of 12.
Pattern:
^[0-9]+$Required: Yes
- GraphArn
-
The ARN of the behavior graph to remove members from.
Type: String
Pattern:
^arn:aws[-\w]{0,10}?:detective:[-\w]{2,20}?:\d{12}?:graph:[abcdef\d]{32}?$Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"AccountIds": [ "string" ],
"UnprocessedAccounts": [
{
"AccountId": "string",
"Reason": "string"
}
]
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- AccountIds
-
The list of AWS account identifiers for the member accounts that Detective successfully removed from the behavior graph.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 50 items.
Length Constraints: Fixed length of 12.
Pattern:
^[0-9]+$ - UnprocessedAccounts
-
The list of member accounts that Detective was not able to remove from the behavior graph. For each member account, provides the reason that the deletion could not be processed.
Type: Array of UnprocessedAccount objects
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
The request issuer does not have permission to access this resource or perform this operation.
HTTP Status Code: 403
- ConflictException
-
The request attempted an invalid action.
HTTP Status Code: 409
- InternalServerException
-
The request was valid but failed because of a problem with the service.
HTTP Status Code: 500
- ResourceNotFoundException
-
The request refers to a nonexistent resource.
HTTP Status Code: 404
- ValidationException
-
The request parameters are invalid.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of DeleteMembers.
Sample Request
POST /graph/members/removal HTTP/1.1
Host: api.detective.us-west-2.amazonaws.com
Accept-Encoding: identity
Content-Length: 128
Authorization: AUTHPARAMS
X-Amz-Date: 20200220T193018Z
User-Agent: aws-cli/1.14.29 Python/2.7.9 Windows/8 botocore/1.8.33
{
"AccountIds": [ "444455556666" ],
"GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899"
}
Example
This example illustrates one usage of DeleteMembers.
Sample Response
HTTP/1.1 200 OK
Content-Length: 63
Date: Thu, 20 Feb 2020 23:07:46 GMT
x-amzn-RequestId: 397d0549-0092-11e8-a0ee-a7f9aa6e7572
{
"AccountIds": [ "444455556666" ],
"UnprocessedAccounts": [ ]
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
