Why did I receive the AWS account ID status "Verification failed" with GuardDuty?


To manage multiple accounts in Amazon GuardDuty, I invited an AWS account to associate with my AWS account using AWS Organizations. The status of the member account is "Verification failed."

Short description

To manage multiple accounts in GuardDuty, you must choose a single AWS account to be the administrator account for GuardDuty. You can then associate other AWS accounts with the administrator account as member accounts.

You can associate accounts with a GuardDuty administrator account with either of the following:

  • An AWS Organizations organization that both accounts are members of.
  • An invitation that's sent through GuardDuty.

To send an invitation from the GuardDuty administrator account, you must specify the member account's account ID and email address. The "Verification failed" status indicates that the root email address or the account ID that you added for the GuardDuty member account is incorrect.

For more information, see Managing multiple accounts in Amazon GuardDuty.

Resolution

Follow these steps to designate a GuardDuty delegated administrator, and add member accounts using the GuardDuty console.

Important:

  • Be sure to use the root email address and account ID associated with the account.
  • GuardDuty must be turned on in the member account before sending an invitation.

You can bulk add accounts by uploading a .csv file. List one account per line, with the account ID and primary email address separated by a comma. The first line of the .csv file must contain the account ID and email header in the following format:

Account ID,Email
111111111111,primary1@example.com
222222222222,primary2@example.com

You can also use Python scripts to turn on GuardDuty in multiple accounts simultaneously. For this method, make sure that the accounts in the input .csv file are listed one per line. Use the account ID and email address without headers in the following format:

111111111111,primary1@example.com
222222222222,primary2@example.com
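
As an added example (not AWS code), the following pre-flight check validates a member .csv in either of the two formats above before it is uploaded or passed to a script. The function name `validate_member_csv` and the email pattern are assumptions; the check is syntactic only and cannot confirm that an address is the root email address of that account.

```python
import csv
import io
import re

ACCOUNT_ID_RE = re.compile(r"[0-9]{12}")  # AWS account IDs are exactly 12 digits
EMAIL_RE = re.compile(r"[^@\s,]+@[^@\s,]+\.[^@\s,]+")  # assumed loose syntax check
HEADER = ["Account ID", "Email"]


def validate_member_csv(text, expect_header):
    """Return [(line_number, problem), ...] for a GuardDuty member .csv.

    expect_header=True:  console bulk-upload format (line 1 is the header).
    expect_header=False: script format (no header, one account per line).
    """
    problems, seen, header_ok = [], set(), False
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        lineno = reader.line_num
        cells = [c.strip() for c in row]
        if not any(cells):
            continue  # skip blank lines
        if cells == HEADER:
            if expect_header and lineno == 1:
                header_ok = True
            else:
                problems.append((lineno, "unexpected header line"))
            continue
        if len(cells) != 2:
            problems.append((lineno, "expected two fields: account ID, email"))
            continue
        account_id, email = cells
        if not ACCOUNT_ID_RE.fullmatch(account_id):
            # Spreadsheet tools often drop leading zeros from numeric cells.
            short = account_id.isdigit() and len(account_id) < 12
            hint = " (leading zeros lost?)" if short else ""
            problems.append((lineno, "account ID is not 12 digits" + hint))
        elif account_id in seen:
            problems.append((lineno, "duplicate account ID"))
        seen.add(account_id)
        if not EMAIL_RE.fullmatch(email):
            problems.append((lineno, "email address is malformed"))
    if expect_header and not header_ok:
        problems.insert(0, (1, "first line must be 'Account ID,Email'"))
    return problems


# Constructed sample: 11-digit ID, email missing '@', repeated account ID.
SAMPLE_BAD = ("11111111111,primary1@example.com\n"
              "222222222222,primary2example.com\n"
              "222222222222,primary2@example.com\n")
```

An empty list means the file is well formed for the chosen format; each tuple otherwise names the line to correct before sending invitations.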

After the GuardDuty member account accepts the invitation, the Status column for your member account changes to Enabled in the administrator account.


Related information

How do I set up a trusted IP address list for GuardDuty?

AWS OFFICIAL
Updated a year ago