Managing administrator and member accounts - AWS Security Hub

Managing administrator and member accounts

An AWS Security Hub administrator account can view data from and manage configuration for its member accounts. The Security Hub administrator-member relationship is established differently based on whether the accounts belong to an organization in AWS Organizations.

Note

The China (Beijing) and China (Ningxia) Regions do not support the integration with Organizations.

If you are integrated with Organizations, the organization management account designates the Security Hub administrator account. See Designating a Security Hub administrator account. The administrator account automatically has access to all of the accounts in the organization. The administrator account determines which accounts in the organization to enable as member accounts. See Managing member accounts that belong to an organization. These member accounts cannot disassociate themselves from the administrator account.

If you are not integrated with Organizations, member accounts accept an invitation from an administrator account. The Security Hub administrator account for an organization can also invite member accounts that are not part of the organization. See Managing member accounts that are not in an organization. Accounts that are added by invitation can disassociate themselves from their administrator account.