aws-security-reference-architecture-examples icon indicating copy to clipboard operation
aws-security-reference-architecture-examples copied to clipboard

Published 20 hours ago verified publisher icon aws-samples

[BUG] GuardDuty service still enabled in the member accounts after deleting the stacks

Open aarthkan opened this issue 1 year ago • 0 comments

Describe the bug

GuardDuty service is still running in the accounts even after deleting all the stacks for the GuardDuty solution. The delegated admin is cleaned up, but the member accounts still have the service enabled. This causes errors during subsequent deployment of the stack.

To Reproduce

Steps to reproduce the behavior:

  1. Deploy the SRA solution for GuardDuty.
  2. Once completed successfully, delete the stacks
  3. Re-deploy the stacks as-is and check for errors.
  4. Error returned - "message": "Unprocessed Member Accounts"

Expected behavior

The service should be completely disabled in all member accounts in the Organization.

Screenshots

NA

Deployment Environment (please complete the following information)

  • Deployment Framework [e.g. Customizations for Control Tower and CloudFormation StackSets]: Customizations for Control Tower and CloudFormation StackSets
  • Deployment Framework Version [e.g. 1.0, 2.0]:

Additional context

aarthkan avatar May 12 '23 15:05 aarthkan