Deactivating Amazon Inspector
You can deactivate Amazon Inspector in the Amazon Inspector console or with the Amazon Inspector API. If you deactivate all scan types for an account;, Amazon Inspector is deactivated for that account automatically.
If you deactivate Amazon Inspector for an account, all scan types are deactivated for that account. Additionally, all Amazon Inspector scan settings, inclduing filters, suppression rules, and findings are deleted for the account.
When you deactivate Amazon Inspector Amazon EC2 scanning,Amazon Inspector deletes the following SSM associations:
-
InspectorDistributor-do-not-delete
-
InspectorInventoryCollection-do-not-delete
-
InvokeInspectorSsmPlugin-do-not-delete
. Additionally, the Amazon Inspector SSM plugin installed through this association is removed from all of your Windows hosts. For more information, see Scanning Windows EC2 instance.
Note
Once you deactivate Amazon Inspector, you no longer incur service charges. However, you can reactivate Amazon Inspector at any time.
For information about how to deactivate scan types for different resources, see Deactivating a scan type.
Prerequisites
Depending on the account type, consider the following:
-
If your account is a standalone Amazon Inspector account, you can deactivate Amazon Inspector at any time.
-
If your account is a member account in a multi-account environment, you cannot deactivate Amazon Inspector. You must contact the delegated administrator for your organization to deactivate Amazon Inspector.
-
If you're the delegated administrator for an organization, you must disassociate all of your member accounts before you deactivate Amazon Inspector.
Note
When you deactivate Amazon Inspector as the delegated administrator, you deactivate the auto-activate feature for your organization.
Deactivate Amazon Inspector
Note
Before you deactivate Amazon Inspector, consider exporting your findings.