Detective / Client / create_graph



Creates a new behavior graph for the calling account, and sets that account as the administrator account. This operation is called by the account that is enabling Detective.

Before you try to enable Detective, make sure that your account has been enrolled in Amazon GuardDuty for at least 48 hours. If you do not meet this requirement, you cannot enable Detective. If you do meet the GuardDuty prerequisite, then when you make the request to enable Detective, it checks whether your data volume is within the Detective quota. If it exceeds the quota, then you cannot enable Detective.

The operation also enables Detective for the calling account in the currently selected Region. It returns the ARN of the new behavior graph.

CreateGraph triggers a process to create the corresponding data tables for the new behavior graph.

An account can only be the administrator account for one behavior graph within a Region. If the same account calls CreateGraph with the same administrator account, it always returns the same behavior graph ARN. It does not create a new behavior graph.

See also: AWS API Documentation

Request Syntax

response = client.create_graph(
        'string': 'string'

Tags (dict) –

The tags to assign to the new behavior graph. You can add up to 50 tags. For each tag, you provide the tag key and the tag value. Each tag key can contain up to 128 characters. Each tag value can contain up to 256 characters.

  • (string) –

    • (string) –

Return type:



Response Syntax

    'GraphArn': 'string'

Response Structure

  • (dict) –

    • GraphArn (string) –

      The ARN of the new behavior graph.


  • Detective.Client.exceptions.AccessDeniedException

  • Detective.Client.exceptions.ConflictException

  • Detective.Client.exceptions.InternalServerException

  • Detective.Client.exceptions.ServiceQuotaExceededException