Hello,
I'd like to mention that the above error message indicates the account still has configuration policies or policy associations due to which you cannot switch from central configuration to local configuration. Before you can stop using central configuration, you must first disassociate your accounts and OUs from their current configuration, whether that's a configuration policy or self-managed behavior.
Here, you have deleted the configuration policies but not the self-managed associations, due to which the error persists.
RESOLUTION:
- To check the policy associations in the account, please run the list-configuration-policy-associations command to list all associations in the account.
$ aws securityhub list-configuration-policy-associations
sample output: { "ConfigurationPolicyAssociationSummaries": [ { "ConfigurationPolicyId": "SELF_MANAGED_SECURITY_HUB", "TargetId": "r-nlf3", "TargetType": "ROOT", "AssociationType": "APPLIED", "UpdatedAt": "2024-04-03T20:01:57.208000+00:00", "AssociationStatus": "SUCCESS" } ] }
- Next, you must run the start-configuration-policy-disassociation command to disassociate all policy associations from the accounts/OUs/Root as required.
$ aws securityhub start-configuration-policy-disassociation --configuration-policy-identifier "SELF_MANAGED_SECURITY_HUB" --target '{"RootId": "r-nlf3"}'
- Once you run the above command for all the associations, you can switch to local configuration using the below command:
$ aws securityhub update-organization-configuration --no-auto-enable --organization-configuration '{"ConfigurationType": "LOCAL"}'
- After executing the above command successfully, you can go ahead and disable SecurityHub.
Hope this information helps. Please feel free to reach out for any further queries.
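The steps in the answer above can be planned from the saved output of list-configuration-policy-associations. The following is an added example, not part of the original answer: it builds one disassociation command per listed association and finishes with the switch to local configuration. The function names, the OU id, the account id and the policy UUID are constructed for illustration; only the root entry comes from the sample output above.

```python
import json
import shlex

# TargetType values in the list output -> key expected inside --target
TARGET_KEY = {
    "ROOT": "RootId",
    "ORGANIZATIONAL_UNIT": "OrganizationalUnitId",
    "ACCOUNT": "AccountId",
}

def plan_switch_to_local(list_output):
    """Return argv lists: one disassociation per association, then the LOCAL switch."""
    commands, seen = [], set()
    for assoc in list_output.get("ConfigurationPolicyAssociationSummaries", []):
        key = TARGET_KEY.get(assoc["TargetType"])
        if key is None:
            # Fail closed: never guess how to address an unknown target type.
            raise ValueError(f"unknown TargetType: {assoc['TargetType']!r}")
        pair = (assoc["ConfigurationPolicyId"], assoc["TargetId"])
        if pair in seen:  # the same target listed twice needs only one call
            continue
        seen.add(pair)
        commands.append([
            "aws", "securityhub", "start-configuration-policy-disassociation",
            "--configuration-policy-identifier", assoc["ConfigurationPolicyId"],
            "--target", json.dumps({key: assoc["TargetId"]}),
        ])
    # The switch runs last; it is rejected while any association remains.
    commands.append([
        "aws", "securityhub", "update-organization-configuration",
        "--no-auto-enable",
        "--organization-configuration", json.dumps({"ConfigurationType": "LOCAL"}),
    ])
    return commands

def render(commands):
    """Shell-quoted command lines, ready for review before anything is executed."""
    return [shlex.join(argv) for argv in commands]

# Constructed sample input; only the ROOT entry is taken from the answer above.
SAMPLE = {"ConfigurationPolicyAssociationSummaries": [
    {"ConfigurationPolicyId": "SELF_MANAGED_SECURITY_HUB", "TargetId": "r-nlf3",
     "TargetType": "ROOT", "AssociationType": "APPLIED"},
    {"ConfigurationPolicyId": "SELF_MANAGED_SECURITY_HUB", "TargetId": "ou-nlf3-example1",
     "TargetType": "ORGANIZATIONAL_UNIT", "AssociationType": "APPLIED"},
    {"ConfigurationPolicyId": "00000000-0000-0000-0000-000000000000",
     "TargetId": "111122223333", "TargetType": "ACCOUNT", "AssociationType": "APPLIED"},
]}

if __name__ == "__main__":
    print("\n".join(render(plan_switch_to_local(SAMPLE))))
```

The script only prints the commands so they can be reviewed; after running them, list the associations again and confirm the list is empty before disabling Security Hub.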