Close an AWS Account in an Organization
ACM.168 Challenges and risks related to removing AWS accounts, OUs, and organizations
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the last post we took a look at our architecture for integrating AWS with Okta as an Identity Provider using SAML.
Now I want to delete the AWS Organization infrastructure I created via the command line and deploy it with CloudFormation.
Note: There has been a great deal of interest in this post for whatever reason.
Make sure that you have locked down the ability for the root user of a child account to remove accounts from an AWS Organization by implementing SCPs as I described here:
https://medium.com/cloud-security/root-ou-service-control-policies-d2c18fd0b21e
I mention the challenges with those SCPs in a follow-on post and will…
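One way to check that such an SCP is actually in place, as an added example (not code from this post or its repository). It assumes the SCP works by denying `organizations:LeaveOrganization`, the API action a member account calls to leave an organization; the function name and the sample policies are constructed for illustration.

```python
import fnmatch

LEAVE = "organizations:LeaveOrganization"  # assumed: the action the SCP denies

def _as_list(value):
    """Policy JSON allows a single item or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(patterns, action):
    # Action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def leave_org_denial(policy):
    """Classify one SCP document: 'unconditional', 'conditional' or 'none'."""
    verdict = "none"
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        if "Action" in stmt:
            hit = _matches(_as_list(stmt["Action"]), LEAVE)
        elif "NotAction" in stmt:  # denies everything except the listed actions
            hit = not _matches(_as_list(stmt["NotAction"]), LEAVE)
        else:
            hit = False
        if not hit:
            continue
        if "Condition" not in stmt and "*" in _as_list(stmt.get("Resource")):
            return "unconditional"
        verdict = "conditional"  # a Condition or narrow Resource can leave a gap
    return verdict

# Constructed sample policies, not taken from the post or its repository.
SAMPLES = {
    "deny-leave": {"Statement": [{"Effect": "Deny", "Action": LEAVE, "Resource": "*"}]},
    "deny-wildcard": {"Statement": {"Effect": "Deny",
                                    "Action": ["organizations:Leave*"], "Resource": "*"}},
    "deny-conditional": {"Statement": [{
        "Effect": "Deny", "Action": [LEAVE], "Resource": "*",
        "Condition": {"StringNotLike": {
            "aws:PrincipalArn": "arn:aws:iam::*:role/constructed-admin-role"}}}]},
    "deny-notaction": {"Statement": [{"Effect": "Deny",
                                      "NotAction": ["iam:*", "sts:*"], "Resource": "*"}]},
    "allow-only": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(f"{name}: {leave_org_denial(doc)}")
```

SCPs do not apply to the management account, so a result of `unconditional` here only says something about member accounts the policy is attached to.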