AWS organizations documentation change
Summary
Added documentation for detaching Security Hub policies with console procedures
Security assessment
Documents management of Security Hub policies which are security-related features, but does not address any specific vulnerability or security incident. The change adds operational guidance for existing security controls.
Diff
diff --git a/organizations/latest/userguide/orgs_policies_detach.md b/organizations/latest/userguide/orgs_policies_detach.md index 4fe024686..2b4daef36 100644 --- a//organizations/latest/userguide/orgs_policies_detach.md +++ b//organizations/latest/userguide/orgs_policies_detach.md @@ -297,0 +298,37 @@ The list of attached AI services opt-out policies is updated. The policy change +Security Hub policies + + +You can detach a Security Hub policy by either navigating to the policy or to the root, OU, or account that you want to detach the policy from. + +###### To detach a Security Hub policy by navigating to the root, OU, or account it's attached to + + 1. Sign in to the [AWS Organizations console](https://console.aws.amazon.com/organizations/v2). You must sign in as an IAM user, assume an IAM role, or sign in as the root user ([not recommended](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)) in the organization’s management account. + + 2. On the **[AWS accounts](https://console.aws.amazon.com/organizations/v2/home/accounts)** page navigate to the Root, OU, or account that you want to detach a policy from. You might have to expand OUs (choose the  ) to find the OU or account that you want. Choose the name of the Root, OU, or account. + + 3. On the **Policies** tab, choose the radio button next to the Security Hub policy that you want to detach, and then choose **Detach**. + + 4. In the confirmation dialog box, choose **Detach policy**. + +The list of attached Security Hub policies is updated. The policy change takes effect immediately. + + + + +###### To detach a Security Hub policy by navigating to the policy + + 1. Sign in to the [AWS Organizations console](https://console.aws.amazon.com/organizations/v2). You must sign in as an IAM user, assume an IAM role, or sign in as the root user ([not recommended](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)) in the organization’s management account. + + 2. On the **[Security Hub policies](https://console.aws.amazon.com/organizations/v2/home/policies/securityhub-policy)** page, choose the name of the policy that you want to detach from a root, OU, or account. + + 3. On the **Targets** tab, choose the radio button next to the root, OU, or account that you want to detach the policy from. You might have to expand OUs (choose the  ) to find the OU or account that you want. + + 4. Choose **Detach**. + + 5. In the confirmation dialog box, choose **Detach**. + +The list of attached Security Hub policies is updated. The policy change takes effect immediately. + + + +