Managing administrator and member accounts - AWS Security Hub

Managing administrator and member accounts

An administrator account can view data from and manage configuration for its member accounts. The administrator-member relationship is established differently based on whether you use the integration with AWS Organizations.

If you are integrated with Organizations, the organization management account designates the Security Hub administrator account. See Designating a Security Hub administrator account. The Security Hub administrator account automatically has access to all of the accounts in the organization. The Security Hub administrator account determines which organization accounts to enable as member accounts. See Managing member accounts that belong to an organization. These member accounts cannot disassociate themselves from the administrator account.

Otherwise, member accounts accept an invitation from an administrator account. The Security Hub administrator account can also invite member accounts that are not part of the organization. See Managing member accounts by invitation. Accounts that are added by invitation can disassociate themselves from their administrator account.