enable_organization_admin_account

Detective.Client.enable_organization_admin_account(**kwargs)

Designates the Detective administrator account for the organization in the current Region.

If the account does not have Detective enabled, then enables Detective for that account and creates a new behavior graph.

Can only be called by the organization management account.

If the organization has a delegated administrator account in Organizations, then the Detective administrator account must be either the delegated administrator account or the organization management account.

If the organization does not have a delegated administrator account in Organizations, then you can choose any account in the organization. If you choose an account other than the organization management account, Detective calls Organizations to make that account the delegated administrator account for Detective. The organization management account cannot be the delegated administrator account.

See also: AWS API Documentation

Request Syntax

response = client.enable_organization_admin_account(
    AccountId='string'
)
Parameters
AccountId (string) --

[REQUIRED]

The Amazon Web Services account identifier of the account to designate as the Detective administrator account for the organization.

Returns
None

Exceptions

  • Detective.Client.exceptions.AccessDeniedException
  • Detective.Client.exceptions.InternalServerException
  • Detective.Client.exceptions.ValidationException
  • Detective.Client.exceptions.TooManyRequestsException