AWS Security ChangesHomeSearch

AWS inspector medium security documentation change

Service: inspector · 2025-11-22 · Security-related medium

File: inspector/latest/user/disassociating-member-accounts.md

Summary

Added requirement to remove organization policies before disassociating policy-managed accounts.

Security assessment

The change prevents potential security policy enforcement gaps by ensuring accounts are no longer under organization policy control before disassociation. This addresses a scenario where residual policy attachments might leave accounts in an inconsistent security state.

Diff

diff --git a/inspector/latest/user/disassociating-member-accounts.md b/inspector/latest/user/disassociating-member-accounts.md
index 024a3cdca..1fc6597eb 100644
--- a//inspector/latest/user/disassociating-member-accounts.md
+++ b//inspector/latest/user/disassociating-member-accounts.md
@@ -8,0 +9,4 @@ As the delegated administrator, you might need to disassociate a member account
+###### Note
+
+To disassociate policy-managed accounts, there should be no Amazon Inspector organization policy attached to that account for the scan type. 
+