DeregisterOrganizationAdminAccount - AWS Audit Manager

DeregisterOrganizationAdminAccount

Removes the specified AWS account as a delegated administrator for AWS Audit Manager.

When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from AWS Organizations. However, Audit Manager stops collecting and attaching evidence to that delegated administrator account moving forward.

Important

Keep in mind the following cleanup task if you use evidence finder:

Before you use your management account to remove a delegated administrator, make sure that the current delegated administrator account signs in to Audit Manager and disables evidence finder first. Disabling evidence finder automatically deletes the event data store that was created in their account when they enabled evidence finder. If this task isn’t completed, the event data store remains in their account. In this case, we recommend that the original delegated administrator goes to CloudTrail Lake and manually deletes the event data store.

This cleanup task is necessary to ensure that you don't end up with multiple event data stores. Audit Manager ignores an unused event data store after you remove or change a delegated administrator account. However, the unused event data store continues to incur storage costs from CloudTrail Lake if you don't delete it.

When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.

To delete your Audit Manager resource data, see the following instructions:

At this time, Audit Manager doesn't provide an option to delete evidence for a specific delegated administrator. Instead, when your management account deregisters Audit Manager, we perform a cleanup for the current delegated administrator account at the time of deregistration.

Request Syntax

POST /account/deregisterOrganizationAdminAccount HTTP/1.1 Content-type: application/json { "adminAccountId": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

adminAccountId

The identifier for the administrator account.

Type: String

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$

Required: No

Response Syntax

HTTP/1.1 200

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.

HTTP Status Code: 403

InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500

ResourceNotFoundException

The resource that's specified in the request can't be found.

HTTP Status Code: 404

ValidationException

The request has invalid or missing parameters.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: