Disabling Security Hub
To disable AWS Security Hub, you can use the Security Hub console or the Security Hub API.
You cannot disable Security Hub in the following cases:
- Your account is the designated Security Hub administrator account for an organization.
- Your account is a Security Hub administrator account by invitation, and you have member accounts that are enabled. Before you can disable Security Hub, you must disassociate all of your member accounts. See Disassociating member accounts.
- Your account is a member account. Before you can disable Security Hub, your account must be disassociated from your administrator account.
  For an organization account, only the administrator account can disassociate member accounts. See Disassociating member accounts from your organization.
  For manually invited accounts, either the administrator account or the member account can disassociate the member account. See Disassociating member accounts or Disassociating from your administrator account.
When you disable Security Hub for an account, it is disabled only in the current Region. No new findings are processed for the account in that Region.
The following also occurs.
- After 90 days, your existing findings and insights and any Security Hub configuration settings are deleted and cannot be recovered.
  If you want to save your existing findings, you must export them before you disable Security Hub. For more information, see Effect of account actions on Security Hub data.
- Any enabled standards are disabled.
Disabling Security Hub (console)
You can disable Security Hub from the AWS Management Console.
To disable Security Hub (console)
- Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.
- In the navigation pane, choose Settings.
- On the Settings page, choose General.
- Under Disable AWS Security Hub, choose Disable AWS Security Hub. Then choose Disable AWS Security Hub again.
Disabling Security Hub (Security Hub API, AWS CLI)
To disable Security Hub, you can use an API call or the AWS Command Line Interface.
To disable Security Hub (Security Hub API, AWS CLI)
- Security Hub API – Use the DisableSecurityHub operation.
- AWS CLI – At the command line, run the disable-security-hub command.
    aws securityhub disable-security-hub
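The blocking cases and the 90-day deletion described above can be checked before the disable call is issued. The following is an added example, not part of the original documentation: the function names, the `--run` switch and the output file name are assumptions, and it does not separately detect the organization's designated administrator account, for which the disable call itself is refused.

```bash
#!/usr/bin/env bash
# Added example: pre-disable check and findings export, one Region at a time.
# Function names and file names are hypothetical; the aws subcommands are real.

# Print "ok", or the reason this account cannot disable Security Hub yet.
preflight() {
  local region="$1" admin members
  # Member account: must be disassociated from its administrator first.
  admin=$(aws securityhub get-administrator-account --region "$region" \
            --query 'Administrator.AccountId' --output text)
  if [ -n "$admin" ] && [ "$admin" != "None" ]; then
    echo "blocked: member of administrator account $admin"; return 1
  fi
  # Administrator account: associated members must be disassociated first.
  members=$(aws securityhub list-members --only-associated --region "$region" \
              --query 'Members[].AccountId' --output text)
  if [ -n "$members" ] && [ "$members" != "None" ]; then
    echo "blocked: associated member accounts: $members"; return 1
  fi
  echo "ok"
}

# Save findings first; they are deleted 90 days after Security Hub is disabled.
export_findings() {
  local region="$1" out="$2"
  aws securityhub get-findings --region "$region" --output json > "$out" \
    && [ -s "$out" ]
}

# Disable only when nothing blocks it and the export file was written.
safe_disable() {
  local region="$1" out="${2:-securityhub-findings-$1.json}" status
  status=$(preflight "$region") || { echo "$region: $status"; return 1; }
  export_findings "$region" "$out" || { echo "$region: export failed"; return 1; }
  aws securityhub disable-security-hub --region "$region" \
    && echo "$region: disabled, findings saved to $out"
}

# Disabling applies to one Region only, so name every Region to process:
#   ./safe-disable.sh --run us-east-1 eu-west-1   (script name is hypothetical)
if [ "${1:-}" = "--run" ]; then
  shift
  for r in "$@"; do safe_disable "$r"; done
fi
```
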