How to Remove and Close an AWS Account from Organizations

by · Published · Updated

Creating an AWS Account is straightforward, but there are instances when you need to completely close an AWS Account, especially when managing AWS Organizations or dealing with sandbox accounts. This guide focuses on the systematic steps to close an AWS Sandbox account as part of the leavers process. Are you ready to Close an AWS Account?

Table of Contents

Close an AWS Account Procedure

Step 1: Preparation

1.1 Ensure Backup:

Before you Close an AWS Account, its essential to back up all essential data and configurations. This includes but is not limited to:

  • Data stored in S3 buckets
  • Configuration settings for EC2 instances
  • Security group rules
  • IAM policies and roles

1.2 Communication:

Communicate the account closure plan with relevant stakeholders to prevent misunderstandings and disruptions to ongoing operations. Provide a checklist of items they should be aware of during the closure process.

Step 2: Log in to the Root Account

Close an AWS Account

2.1 AWS Management Console:

Log in to the AWS Management Console using the credentials of the organization’s management (root) account. For enhanced security, ensure the use of multi-factor authentication (MFA).

Step 3: Move the Account to a Suspended Organizational Unit (OU)

3.1 Navigate to AWS Organizations:

Access the AWS Organizations service from the AWS Management Console.

3.2 Select the Member Account:

Identify and select the member account slated for closure from the list of accounts in your organization.

3.3 Move to Suspended OU:

If not existing, create a new organizational unit (OU) named “Suspended” and move the selected member account to it. This step restricts actions and enables the use of Service Control Policies (SCPs) for root user actions only. Provide instructions on creating the “Suspended” OU if necessary.

Step 4: Reset the Password of the Root User for the Account to be Closed

4.1 AWS IAM:

Navigate to the IAM service in the AWS Management Console. Select the User: Locate and select the root user of the member account to be closed. Reset Password: Reset the password of the selected user to gain access to the account slated for closure. Ensure the chosen password is strong and secure. If MFA has been enabled, you will need to reset MFA as well.

Step 5: Log in to the Account as the Root User

5.1 AWS Management Console:

Log in again to the AWS Management Console, this time using the credentials of the root user of the member account scheduled for closure. Reiterate the use of MFA.

Step 6: Close an AWS Account

6.1 Navigate to Account Settings:

Go to the top right corner of the AWS Management Console, select “My Account,” and navigate to the account settings page.

6.2 Close Account:

Scroll to the bottom of the page and select the “Close Account” option to initiate the closure process.

6.3 Confirm Account Closure:

Read through the warnings and acknowledgments carefully. Confirm your understanding of the consequences before proceeding with the closure.

6.4 Check for Outstanding Bills:

Before closing, ensure there are no outstanding bills or invoices associated with the account to avoid unexpected charges after closure.

6.5 Email Confirmation:

After initiation, check the account’s associated email for a confirmation from AWS. Confirm the closure via the provided link.

Step 7: Verification

7.1 Verify Account Closure:

After a period (typically 90 days), confirm that the account has been successfully closed and all associated resources have been deleted. This can be done through the AWS Management Console or by verifying a confirmation email.

Step 8: Documentation and Reporting

8.1 Document the Closure:

Document the closure details, including the reason and any relevant information. Use a template or create an outline for effective documentation.

8.2 Inform Stakeholders:

Inform relevant stakeholders of the successful closure of the account. Provide them with documentation for reference.

Q&A: Navigating the Closure of an AWS Account

Q1: Why would I need to close an AWS account, especially a sandbox account?

A1: Closing an AWS account, particularly a sandbox account, is essential for various reasons. In scenarios where employees leave a company, closing their AWS sandbox account ensures data security, prevents unauthorized access, and maintains a streamlined AWS environment.

Q2: When you Close an AWS Account, is there a reversible process?

A2: No, closing an AWS account is irreversible. It’s crucial to perform thorough backups and communicate with stakeholders before initiating the closure to avoid unintended consequences.

Q3: How do I prepare to Close an AWS Account?

A3: Preparation involves two key steps:

  • Ensure Backup: Back up all necessary data and configurations.
  • Communication: Communicate the closure plan with relevant stakeholders to prevent disruptions.

Q4: Why move the account to a Suspended Organizational Unit (OU) in AWS Organizations?

A4: Moving the account to a Suspended OU helps restrict actions on the account and allows the use of Service Control Policies (SCPs) to permit only root user actions, enhancing security during the closure process.

Elsewhere On TurboGeek:  Protect AWS Credentials with AWS-Vault

Q5: What is the significance of resetting the password of the root user before closure?

A5: Resetting the password provides the necessary access to the AWS account during the closure process. This step ensures a smooth transition while maintaining control over the account.

Q6: How can I confirm to Close an AWS Account?

A6: After initiating the closure, check the email associated with the account for a confirmation from AWS. Following the provided link in the confirmation email is a crucial step to finalize the closure.

Q7: Why is there a verification period after closing an account?

A7: The verification period, typically around 90 days, allows AWS to ensure the successful closure of the account and the deletion of all associated resources. It’s a safety measure to confirm the account’s closure.

Q8: What documentation is recommended after closing an AWS account?

A8: Document the closure process, including the reason for closure and any pertinent details. This documentation serves as a reference and helps in maintaining a transparent record of actions taken.

Q9: How can I make the closure process seamless for stakeholders?

A9: Keep stakeholders informed throughout the closure process. Once the account is successfully closed, promptly inform relevant stakeholders to ensure everyone is on the same page.

Q10: Any final tips for closing an AWS account without disruptions?

A10: Double-check dependencies, communicate effectively, and ensure thorough documentation. This will help prevent data loss and service disruptions, making the closure process efficient and secure.

Post Views: 127

Tags:

Richard.Bailey

Richard Bailey, a seasoned tech enthusiast, combines a passion for innovation with a knack for simplifying complex concepts. With over a decade in the industry, he's pioneered transformative solutions, blending creativity with technical prowess. An avid writer, Richard's articles resonate with readers, offering insightful perspectives that bridge the gap between technology and everyday life. His commitment to excellence and tireless pursuit of knowledge continues to inspire and shape the tech landscape.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

Translate ยป