Skip to main content
To disconnect ZapStack from your AWS account, you need to remove the IAM role that grants access. Choose the method that matches how you originally set up the connection.

Option 1: Delete via CloudFormation

If you used the CloudFormation template to set up the connection, this is the recommended approach.
1

Open CloudFormation

Sign in to the AWS CloudFormation Console.
2

Select the correct region

Ensure you’re in the region where you created the ZapStack stack (typically us-east-1).
3

Find the stack

Locate the ZapStack stack in the list. It’s usually named ZapStack or ZapStackRole.
4

Delete the stack

Select the stack and click Delete. Confirm when prompted.
5

Wait for deletion

The stack status changes to DELETE_IN_PROGRESS. Once complete, the stack disappears from the list.
Deleting the CloudFormation stack automatically removes the IAM role and all associated resources.

Option 2: Delete IAM role directly

If you created the IAM role manually or prefer to delete it directly.
1

Open IAM Console

Sign in to the AWS IAM Console.
2

Navigate to Roles

In the left sidebar, click Roles.
3

Find the role

Search for the ZapStack role. It’s usually named ZapStackRole or contains ZapStack in the name.
4

Delete the role

Select the role, click Delete, and confirm by typing the role name when prompted.

What happens after deletion

Once the IAM role is deleted:
  • ZapStack immediately loses access to your AWS account
  • Existing scan data remains in ZapStack until you delete your account
  • Any active schedules (Schedule It) stop working
  • The account shows as disconnected in your ZapStack dashboard

Remove the account from ZapStack

After deleting the IAM role, you can also remove the account from your ZapStack dashboard:
  1. Go to Settings > AWS Accounts in ZapStack
  2. Find the disconnected account
  3. Click Remove to delete it from your workspace
Removing the account from ZapStack deletes all associated scan history and recommendations for that account.