
Deleting member accounts from GuardDuty organization

As the delegated GuardDuty administrator account, you can delete a member account from your GuardDuty organization after you have disassociated it and no longer want to keep it in the organization. The deleted member account will no longer appear in your account inventory. However, this doesn't impact the configuration of GuardDuty and dedicated protection plans in these accounts, unless you suspended GuardDuty for these member accounts. This step will not delete the member account from your Amazon organization.

Choose a preferred method to delete a member account from your GuardDuty organization.

Console
  1. Open the GuardDuty console at https://console.amazonaws.cn/guardduty/.

    To sign in, use the credentials of the delegated GuardDuty administrator account.

  2. In the navigation pane, choose Accounts.

  3. In the Accounts table, you can remove an account that has Type as Via Organizations and Status as Removed (disassociated).

    Select one or more accounts with the same Type and Status.

  4. From the Actions dropdown menu, choose Delete account.

  5. Choose Delete accounts to confirm your selection. The selected member accounts will no longer appear in your Accounts table.

    Repeat the preceding steps in each additional Region where you want to delete this member account.

API/CLI
  1. To retrieve the account ID for the member account that you want to delete, use the ListMembers API. Include the OnlyAssociated parameter in your request. If you set this parameter's value to false, GuardDuty returns a members array that provides details about only those accounts that are currently disassociated GuardDuty members.

    Alternatively, you can use Amazon Command Line Interface (Amazon CLI) to run the following command:

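    aws guardduty list-members --detector-id 12abc34d567e8fa901bc2d34EXAMPLE --only-associated="false" --region us-east-1

    Replace 12abc34d567e8fa901bc2d34EXAMPLE with the detector ID of the delegated GuardDuty administrator account in that Region, and us-east-1 with the Region where you want to remove this account.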

  2. To delete one or more member accounts from the GuardDuty organization, run DeleteMembers.

    Alternatively, you can use Amazon CLI to run the following command:

    aws guardduty delete-members --detector-id 12abc34d567e8fa901bc2d34EXAMPLE --account-ids 111122223333 --region us-east-1

    Replace us-east-1 with the Region where you want to remove this account. If you have a list of account IDs that you want to remove, separate them with a space character.
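
The two API/CLI steps above, combined and repeated per Region, as an added example that is not part of the original AWS page. It selects members explicitly by RelationshipStatus, looks up each Region's detector ID with list-detectors, batches deletions, and stops if DeleteMembers reports unprocessed accounts. The function names and the DRY_RUN variable are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not AWS code. Function names and DRY_RUN are illustrative.

# Print account IDs of disassociated members in one Region, one per line.
# Assumption: console status "Removed (disassociated)" is returned by
# ListMembers as RelationshipStatus "Removed".
list_removed_members() {  # args: region detector_id
  lr_out=$(aws guardduty list-members --region "$1" --detector-id "$2" \
    --only-associated false --output text \
    --query "Members[?RelationshipStatus=='Removed'].AccountId") || return 1
  printf '%s\n' "$lr_out" | tr -s ' \t' '\n' | grep -E '^[0-9]{12}$' || true
}

# Delete IDs in batches of 50 (DeleteMembers per-call maximum).
# Deletes only when DRY_RUN=0; otherwise prints the planned batches.
delete_members_batched() {  # args: region detector_id account_id...
  dm_region=$1; dm_detector=$2; shift 2
  while [ "$#" -gt 0 ]; do
    dm_batch=""; dm_n=0
    while [ "$#" -gt 0 ] && [ "$dm_n" -lt 50 ]; do
      case $1 in *[!0-9]*) echo "not an account ID: $1" >&2; return 2 ;; esac
      [ "${#1}" -eq 12 ] || { echo "not an account ID: $1" >&2; return 2; }
      dm_batch="$dm_batch $1"; dm_n=$((dm_n + 1)); shift
    done
    if [ "${DRY_RUN:-1}" != 0 ]; then
      echo "[dry-run] $dm_region:$dm_batch"; continue
    fi
    # Unquoted on purpose: each validated ID must be a separate argument.
    dm_failed=$(aws guardduty delete-members --region "$dm_region" \
      --detector-id "$dm_detector" --account-ids $dm_batch --output text \
      --query 'UnprocessedAccounts[].[AccountId,Result]') || return 1
    case $dm_failed in ''|None) ;; *)
      echo "unprocessed in $dm_region: $dm_failed" >&2; return 1 ;; esac
  done
}

# Repeat the procedure per Region; each Region has its own detector ID.
delete_removed_in_regions() {  # args: region...
  for dr_region in "$@"; do
    dr_detector=$(aws guardduty list-detectors --region "$dr_region" \
      --query 'DetectorIds[0]' --output text) || return 1
    case $dr_detector in ''|None) echo "$dr_region: no detector"; continue ;; esac
    dr_ids=$(list_removed_members "$dr_region" "$dr_detector") || return 1
    [ -n "$dr_ids" ] || { echo "$dr_region: nothing to delete"; continue; }
    delete_members_batched "$dr_region" "$dr_detector" $dr_ids || return 1
  done
}

if [ "$#" -gt 0 ]; then delete_removed_in_regions "$@"; fi
```

Run it with one or more Regions as arguments to review the planned deletions, then again with DRY_RUN=0 to perform them.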