AWS::GuardDuty::Member - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamples
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::GuardDuty::Member

You can use the AWS::GuardDuty::Member resource to add an Amazon account as a GuardDuty member account to the current GuardDuty administrator account. If the value of the Status property is not provided or is set to Created, a member account is created but not invited. If the value of the Status property is set to Invited, a member account is created and invited. An AWS::GuardDuty::Member resource must be created with the Status property set to Invited before the AWS::GuardDuty::Master resource can be created in a GuardDuty member account.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::GuardDuty::Member",
  "Properties" : {
      "DetectorId" : String,
      "DisableEmailNotification" : Boolean,
      "Email" : String,
      "MemberId" : String,
      "Message" : String,
      "Status" : String
    }
}

YAML

Type: AWS::GuardDuty::Member
Properties:
  DetectorId: String
  DisableEmailNotification: Boolean
  Email: String
  MemberId: String
  Message: String
  Status: String

Properties

DetectorId

The ID of the detector associated with the GuardDuty service to add the member to.

Required: No

Type: String

Update requires: Replacement

DisableEmailNotification

Specifies whether or not to disable email notification for the member account that you invite.

Required: No

Type: Boolean

Update requires: No interruption

Email

The email address associated with the member account.

Required: Yes

Type: String

Update requires: No interruption

MemberId

The Amazon account ID of the account to designate as a member.

Required: No

Type: String

Update requires: Replacement

Message

The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.

Required: No

Type: String

Update requires: No interruption

Status

You can use the Status property to update the status of the relationship between the member account and its administrator account. Valid values are Created and Invited when using an AWS::GuardDuty::Member resource. If the value for this property is not provided or set to Created, a member account is created but not invited. If the value of this property is set to Invited, a member account is created and invited.

Required: No

Type: String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the unique ID of the GuardDuty member account, such as 111122223333.

For more information about using the Ref function, see Ref.

Examples

Declare a Member Resource

The following example shows how to declare a GuardDutyMember resource:

JSON

"GDmaster": {
    "Type": "AWS::GuardDuty::Member",
    "Properties": {
        "Status": "Invited",    
        "MemberId": "555555555555",
        "Email": "guardduty-member@amazon.com",
        "Message": "You are invited to enable Amazon Guardduty.",
        "DetectorId": "a12abc34d567e8fa901bc2d34e56789f0",
        "DisableEmailNotification": true
        }
}

YAML


      Type: AWS::GuardDuty::Member
      Properties:
            Status: Invited
            MemberId: 555555555555
            Email: guardduty-member@amazon.com
            Message: You are invited to enable Amazon Guardduty.
            DetectorId: a12abc34d567e8fa901bc2d34e56789f0
            DisableEmailNotification: true