Closed shreyasdamle closed 6 years ago
Damle, the reason is that account was already a member account and an account can only be a member of 1 account. The disable script would have removed that membership, so if now run the enable script again it should work without issue. I will make an update to better handle this condition. thanks ryan
Thanks Ryan.
I removed the existing membership and ran the enable script again. However, it is still stuck at ap-northeast-1 region. Does it take time? I waited for like 30 mins :
Assumed session for XXXXXXXXXXXX.
Beginning XXXXXXXXXXXX in ap-northeast-1
Created detector 26a6a6a6a6a6a6a7a4517d38093 in ap-northeast-1 for XXXXXXXXXXXX
Added Account XXXXXXXXXXXX to member list in GuardDuty master account YYYYYYYYYYY for region ap-northeast-1
Invited Account XXXXXXXXXXXX to GuardDuty master account YYYYYYYYYYY in region ap-northeast-1
Also, I checked in the console, GuardDuty is enabled in ap-northeast-1 region. However, there is no invitation from the Master account.
I'm certain that I am using the correct root account email address. It works when I send an invite through the console. An invitation does appear in the Accounts tab.
It should not take more than a few seconds, on the Master account can you check the Accounts page to see the status, if there was a mis-match on the email it would show there.
I checked Master account, Status says "Verification failed" for XXXXXXXXXXXX account. However, for the same AccountId and EmailAddress, Status is "Enabled" if I go through the console.
Verification fails only if the email address is not correct, can you check there are no extra characters or escape characters in the CSV file and that its formatted as AccountID,EmailAddress
Thanks Ryan! It is working now. There was an extra escape character in the CSV file.
Script stuck in ap-northeast-1 region:
But, did not get any problem with disabledguardduty script (enabled GuardDuty manually). Any reason it is failing while enabling GuardDuty?