GuardDuty / Client / disassociate_members



Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs.

When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.

With autoEnableOrganizationMembers configuration for your organization set to ALL, you’ll receive an error if you attempt to disassociate a member account before removing them from your organization.

See also: AWS API Documentation

Request Syntax

response = client.disassociate_members(
  • DetectorId (string) –


    The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account.

  • AccountIds (list) –


    A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.

    • (string) –

Return type:



Response Syntax

    'UnprocessedAccounts': [
            'AccountId': 'string',
            'Result': 'string'

Response Structure

  • (dict) –

    • UnprocessedAccounts (list) –

      A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

      • (dict) –

        Contains information about the accounts that weren’t processed.

        • AccountId (string) –

          The Amazon Web Services account ID.

        • Result (string) –

          A reason why the account hasn’t been processed.


  • GuardDuty.Client.exceptions.BadRequestException

  • GuardDuty.Client.exceptions.InternalServerErrorException