# Uninstall the solution
<a name="uninstall-the-solution"></a>

Use the following procedure to uninstall the solution with the AWS Management Console.

# V1.0.0-V1.2.1
<a name="v1.0.0-v1.2.1"></a>

For releases v1.0.0 to v1.2.1, use Service Catalog to uninstall the CIS and/or FSBP Playbooks. With v1.3.0 Service Catalog is no longer used.

1. Sign in to the [AWS CloudFormation console](https://console.aws.amazon.com/cloudformation/home) and navigate to the Security Hub primary account.

1. Choose **Service Catalog** to terminate any provisioned playbooks, remove any security groups, roles, or users.

1. Remove the spoke `CISPermissions.template` template form the Security Hub member accounts.

1. Remove the spoke `AFSBPMemberStack.template` template form the Security Hub admin and member accounts.

1. Navigate to the Security Hub primary account, select the solution’s installation stack, and then choose **Delete**.

**Note**  
CloudWatch Logs group logs are retained. We recommend retaining these logs as required by your organization’s log retention policy.

# V1.3.x
<a name="v1.3.x"></a>

1. Remove the `automated-security-response-member.template` from each member account.

1. Remove the `automated-security-response-admin.template` from the admin account.
**Note**  
Removal of the admin template in v1.3.0 will likely fail on the Custom Action removal. This is a known issue that will be fixed in the next release. Use the following instructions to fix this issue:  
Sign in to the [AWS Security Hub management console](https://console.aws.amazon.com/securityhub/home).
In the admin account, go to **Settings**.
Select the **Custom actions** tab.
Manually delete the entry **Remediate with ASR**.
Delete the stack again.

# V1.4.0 and later
<a name="v1.4.0"></a>

 **Stack deployment** 

1. Remove the `automated-security-response-member.template` from each member account.

1. Remove the `automated-security-response-admin.template` from the admin account.

 **StackSet deployment** 

For each StackSet, remove stacks, then remove the StackSet in the reverse order of deployment.

Note that IAM roles from the `automated-security-response-member-roles.template` are retained even if the template is removed. This is so that remediations using these roles continue to function. These SO0111-\$1 roles can be manually removed after verifying that they are no longer in use by active remediations, such as CloudTrail to CloudWatch logging, or RDS Enhanced Monitoring.