The content from the Amazon Detective Administration Guide is now consolidated into the Amazon Detective User Guide. Amazon Detective Administration Guide will reach its end of standard support on May 08, 2024.
Disassociating organization accounts as member accounts
To stop ingesting data from an organization account in the organization behavior graph, you can disassociate the account. Existing data for that account remains in the behavior graph.
When you disassociate an organization account, the status changes to Not a member. Detective stops ingesting data from that account, but the account remains in the list.
Disassociating organization accounts (console)
From the Account management page, you can disassociate organization accounts as member accounts.
-
Open the Amazon Detective console at https://console.aws.amazon.com/detective/
. -
In the Detective navigation pane, choose Account management.
-
To display the list of enabled accounts, choose Enabled.
-
Select the check box for each account to disassociate.
-
Choose Actions. Then choose Disable accounts.
The account status for the disassociated accounts changes to Not a member.
Disassociating organization accounts (Detective API, AWS CLI)
You can use the Detective API or the AWS Command Line Interface to disassociate organization accounts as member accounts in your behavior graph.
To get the ARN of your behavior graph to use in the request, use the ListGraphs operation.
To disassociate organization accounts from the organization behavior graph (Detective API, AWS CLI)
-
Detective API: Use the
DeleteMembersoperation. Specify the graph ARN and the list of account identifiers for the member accounts to disassociate. -
AWS CLI: At the command line, run the
delete-memberscommand.aws detective delete-members --account-ids<account ID list>--graph-arn<behavior graph ARN>Example
aws detective delete-members --account-ids 444455556666 123456789012 --graph-arn arn:aws:detective:us-east-1:111122223333:graph:123412341234
