Error while disabling GuardDuty from delegated admin

Hello,

I would like to inform you that basically this error occurs due to the following two reasons:-

Reason 1:- If there are still one or more than one associated members accounts which are currently not removed.

In this case, you will get the same error message and so you have to remove all the associated member accounts, however, as you said you don’t have any associated members currently. Hence, we can rule out this finding.

Reason 2:- If you have configured a Delegated Admin for GuardDuty from your Organisation master account.

In this case, although the associated member accounts are removed but still you will get the same error message because the Organisation master account has enabled a Delegated Admin account. So, in this case, you have to login to the Organization master/root account, and then have to remove the Delegated Admin account by navigating to the GuardDuty console through the Organisation master/root account ID.

You can refer to the below link, in order to know more about “Delegated Admin”:-

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html

I believe this might be the current scenario of your environment and thus you are getting the error as “The request is rejected because the current account cannot delete detector while it has invited or associated members”. I would request you to follow the below steps:-

STEP1:- Login to your Organization master account.

STEP2:- Navigate to GuardDuty console.

STEP3:- Click on “Settings” and then go to “Delegated Administrator” section.

Here, you will see the Delegated Admin account and then click on “Remove”

Once it is removed, then go to your AWS account and try to disable the GuardDuty once again.

Have a nice day!