Why did I receive the AWS account ID status "Verification failed" with GuardDuty?
Last updated: 2022-12-19
To manage multiple accounts in Amazon GuardDuty, I invited an AWS account to associate with my AWS account using AWS Organizations. The status of the member account is "Verification failed."
To manage multiple accounts in GuardDuty, you must choose a single AWS account to be the administrator account for GuardDuty. You can then associate other AWS accounts with the administrator account as member accounts.
You can associate accounts with a GuardDuty administrator account with either of the following:
- An AWS Organizations organization that both accounts are members of.
- An invitation that's sent through GuardDuty.
To send an invitation from the GuardDuty administrator account, you must specify the member account's account ID and email address. The "Verification failed" status indicates that the root email address or the account ID that you added as a GuardDuty member account are incorrect.
For more information, see Managing multiple accounts in Amazon GuardDuty.
- Be sure to use the root email address and account ID associated with the account.
- GuardDuty must be turned on in the member account before sending an invitation.
You can bulk add accounts by uploading a .csv file. Be sure to specify the account ID and primary email address separated by a comma on separate lines. The first line of the .csv file must contain the account ID and email header in the following format:
Account ID,Email 111111111111,firstname.lastname@example.org 222222222222,email@example.com
You can also use Python scripts to turn on GuardDuty in multiple accounts simultaneously. For this method, make sure that the accounts in the input .csv file are listed one per line. Use the account ID and email address without headers in the following format:
After the GuardDuty member account accepts the invitation, the Status column for your member account changes to Enabled in the administrator account.