Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.
When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager stops collecting and attaching evidence to that delegated administrator account moving forward.
Keep in mind the following cleanup task if you use evidence finder:
Before you use your management account to remove a delegated administrator, make sure that the current delegated administrator account signs in to Audit Manager and disables evidence finder first. Disabling evidence finder automatically deletes the event data store that was created in their account when they enabled evidence finder. If this task isn’t completed, the event data store remains in their account. In this case, we recommend that the original delegated administrator goes to CloudTrail Lake and manually deletes the event data store.
This cleanup task is necessary to ensure that you don't end up with multiple event data stores. Audit Manager ignores an unused event data store after you remove or change a delegated administrator account. However, the unused event data store continues to incur storage costs from CloudTrail Lake if you don't delete it.
When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.
To delete your Audit Manager resource data, see the following instructions:
- DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)
- DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)
- DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)
- DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)
- DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)
At this time, Audit Manager doesn't provide an option to delete evidence for a specific delegated administrator. Instead, when your management account deregisters Audit Manager, we perform a cleanup for the current delegated administrator account at the time of deregistration.
Synopsis
- data DeregisterOrganizationAdminAccount = DeregisterOrganizationAdminAccount' {}
- newDeregisterOrganizationAdminAccount :: DeregisterOrganizationAdminAccount
- deregisterOrganizationAdminAccount_adminAccountId :: Lens' DeregisterOrganizationAdminAccount (Maybe Text)
- data DeregisterOrganizationAdminAccountResponse = DeregisterOrganizationAdminAccountResponse' {
- httpStatus :: Int
- newDeregisterOrganizationAdminAccountResponse :: Int -> DeregisterOrganizationAdminAccountResponse
- deregisterOrganizationAdminAccountResponse_httpStatus :: Lens' DeregisterOrganizationAdminAccountResponse Int
Creating a Request
data DeregisterOrganizationAdminAccount Source #
See: newDeregisterOrganizationAdminAccount
smart constructor.
DeregisterOrganizationAdminAccount' | |
|
Instances
newDeregisterOrganizationAdminAccount :: DeregisterOrganizationAdminAccount Source #
Create a value of DeregisterOrganizationAdminAccount
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:adminAccountId:DeregisterOrganizationAdminAccount'
, deregisterOrganizationAdminAccount_adminAccountId
- The identifier for the administrator account.
Request Lenses
deregisterOrganizationAdminAccount_adminAccountId :: Lens' DeregisterOrganizationAdminAccount (Maybe Text) Source #
The identifier for the administrator account.
Destructuring the Response
data DeregisterOrganizationAdminAccountResponse Source #
See: newDeregisterOrganizationAdminAccountResponse
smart constructor.
DeregisterOrganizationAdminAccountResponse' | |
|
Instances
Generic DeregisterOrganizationAdminAccountResponse Source # | |
Read DeregisterOrganizationAdminAccountResponse Source # | |
Show DeregisterOrganizationAdminAccountResponse Source # | |
NFData DeregisterOrganizationAdminAccountResponse Source # | |
Eq DeregisterOrganizationAdminAccountResponse Source # | |
type Rep DeregisterOrganizationAdminAccountResponse Source # | |
Defined in Amazonka.AuditManager.DeregisterOrganizationAdminAccount type Rep DeregisterOrganizationAdminAccountResponse = D1 ('MetaData "DeregisterOrganizationAdminAccountResponse" "Amazonka.AuditManager.DeregisterOrganizationAdminAccount" "amazonka-auditmanager-2.0-FZ7GH2VR8PBBaoTT7BhtJQ" 'False) (C1 ('MetaCons "DeregisterOrganizationAdminAccountResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int))) |
newDeregisterOrganizationAdminAccountResponse Source #
Create a value of DeregisterOrganizationAdminAccountResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:DeregisterOrganizationAdminAccountResponse'
, deregisterOrganizationAdminAccountResponse_httpStatus
- The response's http status code.
Response Lenses
deregisterOrganizationAdminAccountResponse_httpStatus :: Lens' DeregisterOrganizationAdminAccountResponse Int Source #
The response's http status code.