AWS inspector medium security documentation change
Summary
Added requirement to remove organization policies before disassociating policy-managed accounts.
Security assessment
The change prevents potential security policy enforcement gaps by ensuring accounts are no longer under organization policy control before disassociation. This addresses a scenario where residual policy attachments might leave accounts in an inconsistent security state.
Diff
diff --git a/inspector/latest/user/disassociating-member-accounts.md b/inspector/latest/user/disassociating-member-accounts.md index 024a3cdca..1fc6597eb 100644 --- a//inspector/latest/user/disassociating-member-accounts.md +++ b//inspector/latest/user/disassociating-member-accounts.md @@ -8,0 +9,4 @@ As the delegated administrator, you might need to disassociate a member account +###### Note + +To disassociate policy-managed accounts, there should be no Amazon Inspector organization policy attached to that account for the scan type. +