Disassociating member accounts in Security Hub - AWS Security Hub

Note

We recommend using AWS Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations.

An AWS Security Hub administrator account can disassociate a member account to stop receiving and viewing findings from that account. You must disassociate a member account before you can delete it.

When you disassociate a member account, it remains in your list of member accounts with a status of Removed (Disassociated). Your account is removed from the administrator account information for the member account.

To resume receiving findings for the account, you can resend the invitation. To remove the member account entirely, you can delete the member account.

Choose your preferred method, and follow the steps to disassociate a manually-invited member account from the administrator account.

Security Hub console

To disassociate a manually-invited member account

  1. Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.

    Sign in using the credentials of the administrator account.

  2. In the navigation pane, under Settings, choose Configuration.

  3. In the Accounts section, select the accounts that you want to disassociate.

  4. Choose Actions, and then choose Disassociate account.

Security Hub API

To disassociate a manually-invited member account

Invoke the DisassociateMembers API from the administrator account. You must provide the AWS account IDs of the member accounts that you want to disassociate. To view a list of member accounts, use the ListMembers operation.

AWS CLI

To disassociate a manually-invited member account

Run the disassociate-members command from the administrator account. You must provide the AWS account IDs of the member accounts that you want to disassociate. To view a list of member accounts, run the list-members command.

aws securityhub disassociate-members --account-ids <accountIds>

Example

aws securityhub disassociate-members --account-ids "123456789111" "123456789222"
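
The same procedure scripted end to end, as an added example that is not part of the AWS documentation: it uses the boto3 counterparts of ListMembers and DisassociateMembers, sends only accounts that are currently associated, and reads the member list back to confirm the resulting status. The helper names `list_members` and `disassociate` are hypothetical, and the script assumes boto3 is installed and the credentials belong to the administrator account.

```python
import re


def list_members(client, only_associated):
    """Return {account_id: MemberStatus} across all ListMembers pages."""
    members, kwargs = {}, {"OnlyAssociated": only_associated}
    while True:
        page = client.list_members(**kwargs)
        for m in page.get("Members", []):
            members[m["AccountId"]] = m.get("MemberStatus")
        token = page.get("NextToken")
        if not token:
            return members
        kwargs["NextToken"] = token


def disassociate(client, account_ids):
    """Disassociate only the requested accounts that are associated members.

    Returns (disassociated, skipped): the statuses read back after the call,
    and the requested IDs that were malformed or not associated to begin with.
    """
    # OnlyAssociated=True limits the listing to currently associated members.
    associated = list_members(client, only_associated=True)
    targets = [a for a in account_ids
               if re.fullmatch(r"\d{12}", a) and a in associated]
    skipped = [a for a in account_ids if a not in targets]
    if targets:
        client.disassociate_members(AccountIds=targets)
    # Read back with OnlyAssociated=False so disassociated accounts are included.
    after = list_members(client, only_associated=False)
    return {a: after.get(a) for a in targets}, skipped


if __name__ == "__main__":
    import sys
    import boto3  # assumption: boto3 installed, administrator-account credentials

    done, skipped = disassociate(boto3.client("securityhub"), sys.argv[1:])
    print("disassociated:", done)  # account ID -> status after the call
    print("skipped:", skipped)     # malformed IDs or accounts not associated
```

Run it with the account IDs as arguments; any ID reported under `skipped` was never sent to DisassociateMembers.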