Disassociating member accounts from your organization - AWS Security Hub

Disassociating member accounts from your organization

To stop receiving and viewing findings from an enabled member account, you can disassociate the member account.

When you disassociate a member account, the status changes to Not a member.

Disassociating member accounts (console)

To disassociate member accounts

  1. Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.

  2. In the navigation pane, choose Settings. Then choose Accounts.

  3. In the Accounts list, select the accounts to disassociate. You can only disassociate Enabled accounts.

  4. Choose Actions, and then choose Disassociate account.

Disassociating an account (Security Hub API, AWS CLI)

To disassociate member accounts, you can use the Security Hub API or the AWS Command Line Interface.

To disassociate member accounts (Security Hub API, AWS CLI)

  • Security Hub API – Use the DisassociateMembers operation. You must provide the AWS account IDs for the member accounts to disassociate. To view a list of member accounts, use the ListMembers operation.

  • AWS CLI – At the command line, run the disassociate-members command.

    aws securityhub disassociate-members --account-ids <accountIds>


    aws securityhub disassociate-members --account-ids "123456789111" "123456789222"