Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Disassociating member
accounts
An Amazon Security Hub administrator account can disassociate a member
account to stop receiving and viewing findings from that account. You must disassociate
a member account before you can delete it.
When you disassociate a member account, it remains in your list of member accounts
with a status of Removed (Disassociated). Your account is removed
from the administrator account information for the member account.
To resume receiving findings for the account, you can resend the invitation. To remove
the member account entirely, you can delete the member account.
Choose your preferred method, and follow the steps to disassociate a manually-invited member account from the administrator account.
- Security Hub console
-
To disassociate a manually-invited member account
Open the Amazon Security Hub console at https://console.amazonaws.cn/securityhub/.
Sign in using the credentials of the administrator account.
-
In the navigation pane, under Settings, choose Configuration.
-
In the Accounts section, select the accounts that you want to disassociate.
-
Choose Actions, and then choose
Disassociate account.
- Security Hub API
-
To disassociate a manually-invited member account
Invoke the DisassociateMembers
API from the administrator account. You must
provide the Amazon Web Services account IDs of the member accounts that you want to disassociate. To
view a list of member accounts, use the ListMembers
operation.
- Amazon CLI
-
To disassociate a manually-invited member account
Run the disassociate-members
command from the administrator account. You must
provide the Amazon Web Services account IDs of the member accounts that you want to disassociate. To
view a list of member accounts, run the list-members
command.
aws securityhub disassociate-members --account-ids <accountIds>
Example
aws securityhub disassociate-members --account-ids "123456789111" "123456789222"