AWS::Detective::MemberInvitation - AWS CloudFormation

AWS::Detective::MemberInvitation

The AWS::Detective::MemberInvitation resource is an Amazon Detective resource type that creates an invitation to join a Detective behavior graph. The administrator account can choose whether to send an email notification of the invitation to the root user email address of the AWS account.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Detective::MemberInvitation",
  "Properties" : {
      "DisableEmailNotification" : Boolean,
      "GraphArn" : String,
      "MemberEmailAddress" : String,
      "MemberId" : String,
      "Message" : String
    }
}

YAML

Type: AWS::Detective::MemberInvitation
Properties:
  DisableEmailNotification: Boolean
  GraphArn: String
  MemberEmailAddress: String
  MemberId: String
  Message: String

Properties

DisableEmailNotification

Whether to send an invitation email to the member account. If set to true, the member account does not receive an invitation email.

Required: No

Type: Boolean

Update requires: No interruption

GraphArn

The ARN of the behavior graph to invite the account to contribute data to.

Required: Yes

Type: String

Pattern: arn:aws(-[\w]+)*:detective:(([a-z]+-)+[0-9]+):[0-9]{12}:graph:[0-9a-f]{32}

Update requires: Replacement

MemberEmailAddress

The root user email address of the invited account. If the email address provided is not the root user email address for the provided account, the invitation creation fails.

Required: Yes

Type: String

Pattern: .*@.*

Update requires: No interruption

MemberId

The AWS account identifier of the invited account.

Required: Yes

Type: String

Pattern: [0-9]{12}

Update requires: Replacement

Message

Customized text to include in the invitation email message.

Required: No

Type: String

Minimum: 1

Maximum: 1000

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ARN of the behavior graph and the member account identifier, separated by a pipe character ('|').

For more information about using the Ref function, see Ref.

Examples

Sending a behavior graph invitation to a member account

This example shows how to declare a new AWS::Detective::MemberInvitation resource to create a new invitation to a member account and send an email notification.

JSON

"MemberInvitation": {
  "Type": "AWS::Detective::MemberInvitation",
  "Properties": {
    "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899",
    "MemberId": "444455556666",
    "MemberEmailAddress": "mmajor@example.com",
    "Message": "This is Paul Santos. I need to add your account to the data we use for security investigation in Detective. If you have any questions, contact me at psantos@example.com."
  }
}

YAML

MemberInvitation:
  Type: AWS::Detective::MemberInvitation
  Properties:
    GraphArn: "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899"
    # Quoted so the account ID stays a string, as the MemberId type requires.
    MemberId: "444455556666"
    MemberEmailAddress: mmajor@example.com
    Message: This is Paul Santos. I need to add your account to the data we use for security investigation in Detective. If you have any questions, contact me at psantos@example.com.

Blocking the email notification of an invitation to a member account

This example shows how to declare a new AWS::Detective::MemberInvitation resource to create a new invitation to a member account. The email notification is blocked.

JSON

"MemberInvitation": {
  "Type": "AWS::Detective::MemberInvitation",
  "Properties": {
    "GraphArn": "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899",
    "MemberId": "444455556666",
    "MemberEmailAddress": "mmajor@example.com",
    "DisableEmailNotification": true
  }
}

YAML

MemberInvitation:
  Type: AWS::Detective::MemberInvitation
  Properties:
    GraphArn: "arn:aws:detective:us-east-1:111122223333:graph:027c7c4610ea4aacaf0b883093cab899"
    # Quoted so the account ID stays a string, as the MemberId type requires.
    MemberId: "444455556666"
    MemberEmailAddress: mmajor@example.com
    DisableEmailNotification: true