Deactivating Amazon Inspector - Amazon Inspector

Deactivating Amazon Inspector

You can deactivate Amazon Inspector in the Amazon Inspector console or with the Amazon Inspector API. If you deactivate all Amazon Inspector scans for an AWS account, Amazon Inspector is deactivated for the current account automatically.

After you deactivate Amazon Inspector for an account, all scan types are deactivated for the account. Additionally, all Amazon Inspector scan settings, including filters, suppression rules, and findings, are deleted for the account.

When you deactivate Amazon Inspector Amazon EC2 scanning, the following SSM associations used by Amazon Inspector are deleted:

  • InspectorDistributor-do-not-delete

  • InspectorInventoryCollection-do-not-delete

  • InvokeInspectorSsmPlugin-do-not-delete. Additionally, the Amazon Inspector SSM plugin, which is installed through this association, is removed from all of your Windows hosts. For more information, see Scanning Windows instances.

For information about how to deactivate scan types for different resources, see Automated resource scanning with Amazon Inspector.

Note

Once you deactivate Amazon Inspector, you're no longer charged for using the service. However, you can reactivate Amazon Inspector at any time.

Prerequisites

Depending on your account type, consider the following:

  • If your account is a standalone Amazon Inspector account, you can deactivate Amazon Inspector at any time.

  • If your account is a member account in a multi-account environment, you cannot deactivate Amazon Inspector. You must contact the delegated administrator for your organization to deactivate Amazon Inspector.

  • If you're the delegated administrator for an organization, you must disassociate all of your member accounts before you deactivate Amazon Inspector. For more information, see Disassociating member accounts in Amazon Inspector.

Note

When you deactivate Amazon Inspector as the delegated administrator, the auto-activate feature is deactivated for your organization.

Before you deactivate Amazon Inspector, we recommend you export your findings.

Deactivate Amazon Inspector

Console
To deactivate Amazon Inspector
  1. Sign in using your credentials, and then open the Amazon Inspector console at https://console.aws.amazon.com/inspector/v2/home.

  2. By using the AWS Region selector in the upper-right corner of the page, choose the Region in which you want to deactivate Amazon Inspector.

  3. In the navigation pane, choose General settings.

  4. Choose Deactivate Inspector.

  5. When prompted for confirmation, enter deactivate in the text box, and then choose Deactivate Inspector.

  6. (Recommended) Repeat these steps in each Region for which you want to deactivate Amazon Inspector.

API

Run the Disable API operation. In the request, provide the IDs of the accounts you are deactivating, and specify EC2, ECR, and LAMBDA for resourceTypes. Deactivating all scan types deactivates Amazon Inspector for the account.
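
The following is an added example, not part of the original AWS page. It sends the Disable request in each Region and lists every account that was refused or missing from the response. It assumes a boto3-style inspector2 client whose `disable` call returns `accounts` and `failedAccounts`; `FakeInspector2`, the account IDs, the Regions and the `NOT_REPORTED` label are constructed for the example.

```python
RESOURCE_TYPES = ["EC2", "ECR", "LAMBDA"]  # the scan types this page names


def disable_inspector(client, account_ids):
    """Send one Disable request and sort the accounts by outcome."""
    resp = client.disable(accountIds=account_ids, resourceTypes=RESOURCE_TYPES)
    accepted = {a["accountId"]: a["status"] for a in resp.get("accounts", [])}
    failed = {f["accountId"]: f["errorCode"] for f in resp.get("failedAccounts", [])}
    # An account in neither list was not acted on; treat that as a failure too.
    unreported = sorted(set(account_ids) - set(accepted) - set(failed))
    return {"accepted": accepted, "failed": failed, "unreported": unreported}


def disable_in_regions(make_client, regions, account_ids):
    """Repeat the request in each Region, as the console procedure does."""
    return {r: disable_inspector(make_client(r), account_ids) for r in regions}


def needs_attention(results):
    """Return (region, account, reason) for every account not accepted."""
    rows = []
    for region, res in sorted(results.items()):
        rows += [(region, acct, code) for acct, code in sorted(res["failed"].items())]
        # NOT_REPORTED is this example's own label, not an API error code.
        rows += [(region, acct, "NOT_REPORTED") for acct in res["unreported"]]
    return rows


class FakeInspector2:
    """Constructed stand-in for a regional inspector2 client, for offline runs."""

    def __init__(self, region):
        self.region = region

    def disable(self, accountIds, resourceTypes):
        # Constructed response: one account is refused in eu-west-1 only.
        bad = {"444455556666"} if self.region == "eu-west-1" else set()
        return {
            "accounts": [{"accountId": a, "status": "DISABLING"}
                         for a in accountIds if a not in bad],
            "failedAccounts": [{"accountId": a, "errorCode": "ACCESS_DENIED"}
                               for a in accountIds if a in bad],
        }


if __name__ == "__main__":
    # With real credentials: make_client = lambda r: boto3.client("inspector2", region_name=r)
    results = disable_in_regions(FakeInspector2, ["us-east-1", "eu-west-1"], ["111122223333", "444455556666"])
    for row in needs_attention(results):
        print(*row)
```

Export findings before running this against real accounts, because deactivation deletes them.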