AWS::GuardDuty::Member
You can use the AWS::GuardDuty::Member resource to add an AWS account as a GuardDuty member account to the current GuardDuty administrator account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::GuardDuty::Member",
  "Properties" : {
    "DetectorId" : String,
    "DisableEmailNotification" : Boolean,
    "Email" : String,
    "MemberId" : String,
    "Message" : String,
    "Status" : String
  }
}
YAML
Type: AWS::GuardDuty::Member
Properties:
  DetectorId: String
  DisableEmailNotification: Boolean
  Email: String
  MemberId: String
  Message: String
  Status: String
Properties
DetectorId
The ID of the detector associated with the GuardDuty service to add the member to.
Required: No
Type: String
Update requires: Replacement
DisableEmailNotification
Specifies whether or not to disable email notification for the member account that you invite.
Required: No
Type: Boolean
Update requires: No interruption
Email
The email address associated with the member account.
Required: Yes
Type: String
Update requires: No interruption
MemberId
The AWS account ID of the account to designate as a member.
Required: No
Type: String
Update requires: Replacement
Message
The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
Required: No
Type: String
Update requires: No interruption
Status
You can use the Status property to update the status of the relationship between the member account and its administrator account. Valid values are Created and Invited when using an AWS::GuardDuty::Member resource. If the value for this property is not provided or set to Created, a member account is created but not invited. If the value of this property is set to Invited, a member account is created and invited.
Required: No
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the unique ID of the GuardDuty member account, such as 012345678901.
For more information about using the Ref function, see Ref.
Examples
Declare a Member Resource
The following example shows how to declare a GuardDuty Member resource:
JSON
"GDmaster": {
  "Type": "AWS::GuardDuty::Member",
  "Properties": {
    "Status": "Invited",
    "MemberId": "012345678901",
    "Email": "guarddutymember@amazon.com",
    "Message": "You are invited to enable Amazon Guardduty.",
    "DetectorId": "a12abc34d567e8fa901bc2d34e56789f0",
    "DisableEmailNotification": true
  }
}
YAML
Type: AWS::GuardDuty::Member
Properties:
  Status: Invited
  # Quoted so the account ID stays a string and keeps its leading zero
  MemberId: "012345678901"
  Email: guarddutymember@amazon.com
  Message: You are invited to enable Amazon Guardduty.
  DetectorId: a12abc34d567e8fa901bc2d34e56789f0
  DisableEmailNotification: true
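A pre-deployment check for the property rules on this page, given as an added example (not AWS code): it flags members with no Email, a Status outside Created/Invited, members left uninvited, and a MemberId that is not a 12-digit string, and it lists members that an update would replace because DetectorId or MemberId changed. The function names, the sample templates and the 12-digit account ID check are assumptions of this example.

```python
import json
import re

VALID_STATUS = {"Created", "Invited"}           # values this page lists for Status
REPLACEMENT_PROPS = ("DetectorId", "MemberId")  # marked "Update requires: Replacement"

def members(template):
    """Yield (logical_id, properties) for each AWS::GuardDuty::Member resource."""
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::GuardDuty::Member":
            yield name, res.get("Properties", {})

def lint_members(template):
    """Return sorted (logical_id, finding) pairs; intrinsic functions (dicts) are skipped."""
    out = []
    for name, p in members(template):
        if not p.get("Email"):
            out.append((name, "Email is required"))
        status = p.get("Status", "Created")  # an omitted Status behaves like Created
        if isinstance(status, str) and status not in VALID_STATUS:
            out.append((name, "Status must be Created or Invited"))
        elif status == "Created":
            out.append((name, "created but not invited"))
        mid = p.get("MemberId")
        if mid is not None and not isinstance(mid, dict):
            if not (isinstance(mid, str) and re.fullmatch(r"\d{12}", mid)):
                out.append((name, "MemberId is not a 12-digit string"))
    return sorted(out)

def replaced_on_update(old, new):
    """Logical IDs whose DetectorId or MemberId differs between two template versions."""
    before = dict(members(old))
    return sorted(n for n, p in members(new) if n in before
                  and any(before[n].get(k) != p.get(k) for k in REPLACEMENT_PROPS))

# Constructed sample templates (not from the page); IDs and emails are placeholders.
OLD = json.loads("""{"Resources": {
  "MemberA": {"Type": "AWS::GuardDuty::Member", "Properties": {
    "Status": "Invited", "MemberId": "012345678901",
    "Email": "member-a@example.com", "DetectorId": "a12abc34d567e8fa901bc2d34e56789f0"}},
  "MemberB": {"Type": "AWS::GuardDuty::Member", "Properties": {
    "MemberId": 12345678901, "DetectorId": "a12abc34d567e8fa901bc2d34e56789f0"}}}}""")
NEW = json.loads(json.dumps(OLD))
NEW["Resources"]["MemberA"]["Properties"]["MemberId"] = "111122223333"

if __name__ == "__main__":
    for name, msg in lint_members(OLD):
        print(f"{name}: {msg}")
    print("replaced on update:", replaced_on_update(OLD, NEW))
```

MemberB's numeric MemberId shows how an account ID written as a JSON number loses its leading zero, which is why the check insists on a string.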