Deleting member accounts - AWS Security Hub

Deleting member accounts

As an AWS Security Hub administrator account, you can delete member accounts that were added by invitation. Before you can delete an enabled account, you must disassociate it.

When you delete a member account, it is completely removed from the list. To restore the account's membership, you must add and invite it again as if it were a completely new member account.

You can't delete accounts that belong to an organization and that are managed using the integration with AWS Organizations.

Choose your preferred method, and follow the steps to delete manually-invited member accounts.

Security Hub console

To delete a manually-invited member account

  1. Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.

    Sign in using the administrator account.

  2. In the navigation pane, choose Settings, and then choose Configuration.

  3. Choose the Invitation accounts tab. Then, select the accounts to delete.

  4. Choose Actions, and then choose Delete. This option is available only after you have disassociated the member account.

Security Hub API

To delete a manually-invited member account

Invoke the DeleteMembers API from the administrator account. You must provide the AWS account IDs of the member accounts that you want to delete. To retrieve the list of member accounts, invoke the ListMembers API.

AWS CLI

To delete a manually-invited member account

Run the delete-members command from the administrator account. You must provide the AWS account IDs of the member accounts that you want to delete. To retrieve the list of member accounts, run the list-members command.

aws securityhub delete-members --account-ids <memberAccountIDs>

Example

aws securityhub delete-members --account-ids "123456789111" "123456789222"
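
The disassociate-then-delete order required above, scripted against the Security Hub API as an added example that is not part of the AWS documentation. It assumes boto3 (the AWS SDK for Python) and administrator-account credentials; the helper names are hypothetical, and DisassociateMembers is the API operation assumed for the disassociation step.

```python
"""Added example: disassociate, then delete, manually invited Security Hub members."""
import re

ACCOUNT_ID = re.compile(r"\d{12}")  # AWS account IDs are 12 digits


def list_member_ids(client, only_associated):
    """Return the set of member account IDs, following NextToken pagination."""
    ids, token = set(), None
    while True:
        # OnlyAssociated=False returns every member, not only associated ones.
        kwargs = {"OnlyAssociated": only_associated}
        if token:
            kwargs["NextToken"] = token
        page = client.list_members(**kwargs)
        ids.update(m["AccountId"] for m in page.get("Members", []))
        token = page.get("NextToken")
        if not token:
            return ids


def delete_invited_members(client, account_ids):
    """Disassociate members that are still associated, delete, report per account."""
    bad = [a for a in account_ids if not ACCOUNT_ID.fullmatch(a)]
    if bad:
        raise ValueError(f"not 12-digit AWS account IDs: {bad}")
    all_members = list_member_ids(client, only_associated=False)
    associated = list_member_ids(client, only_associated=True)
    result = {a: "not-a-member" for a in account_ids if a not in all_members}
    targets = [a for a in account_ids if a in all_members]
    to_disassociate = [a for a in targets if a in associated]
    if to_disassociate:
        client.disassociate_members(AccountIds=to_disassociate)  # must precede delete
    if targets:
        resp = client.delete_members(AccountIds=targets)
        # Accounts the service refused (for example, organization-managed ones).
        failed = {u["AccountId"]: u.get("ProcessingResult", "unprocessed")
                  for u in resp.get("UnprocessedAccounts", [])}
        for a in targets:
            result[a] = f"failed: {failed[a]}" if a in failed else "deleted"
    return result


if __name__ == "__main__":
    import sys
    import boto3  # assumption: boto3 installed, administrator-account credentials
    outcome = delete_invited_members(boto3.client("securityhub"), sys.argv[1:])
    for account, status in outcome.items():
        print(account, status)
```

Review any account reported as failed before retrying; the ProcessingResult text comes from the service response.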