Responding to an invitation to be a member account
You can accept or decline an invitation to be a member account.
After you accept an invitation, your account becomes an AWS Security Hub member account. The account that sent the invitation becomes your Security Hub administrator account. The administrator account user can view findings for your member account in Security Hub.
If you decline the invitation, then your account is marked as Resigned on the administrator account's list of member accounts.
You can only accept one invitation to be a member account.
Before you can accept or decline an invitation, you must enable Security Hub.
Remember that all Security Hub accounts must have AWS Config enabled and configured to record all resources. For details on the requirement for AWS Config, see Enabling and configuring AWS Config.
Accept an invitation
Choose your preferred method, and follow the steps to accept an invitation to be a member account.
Note
The Security Hub console continues to use AcceptInvitation
. It will
eventually change to use AcceptAdministratorInvitation
. Any IAM
policies that specifically control access to this function must continue to use
AcceptInvitation
. You should also add
AcceptAdministratorInvitation
to your policies to ensure that
the correct permissions are in place after the console begins to use
AcceptAdministratorInvitation
.
Decline an invitation
You can decline an invitation to be a member account. When you decline an invitation in the Security Hub console, your account is marked as Resigned on the administrator account's list of member accounts.
When you decline an invitation, you must be signed in to the member account that received the invitation.
Choose your preferred method, and follow the steps to decline an invitation to be a member account.