V1.4.0 and later

Stack deployment

Remove the automated-security-response-member.template from each member account.
Remove the automated-security-response-admin.template from the admin account.

StackSet deployment

For each StackSet, remove stacks, then remove the StackSet in the reverse order of deployment.

Note that IAM roles from the automated-security-response-member-roles.template are retained even if the template is removed. This is so that remediations using these roles continue to function. These SO0111-* roles can be manually removed after verifying that they are no longer in use by active remediations, such as CloudTrail to CloudWatch logging, or RDS Enhanced Monitoring.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

V1.3.x

Administrator guide