Close an AWS Account in an Organization

ACM.168 Challenges and risks related to removing AWS accounts, OUs, and organizations

Teri Radichel
Cloud Security

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the last post we took a look at our architecture for integrating AWS with Okta as an Identity Provider using SAML.

Now I want to delete the AWS Organization infrastructure I created via the command line and deploy it with CloudFormation instead.

Note: There has been a great deal of interest in this post for whatever reason.

Make sure that you have locked down the ability for the root user of a child account to remove accounts from an AWS Organization by implementing SCPs as I described here:
https://medium.com/cloud-security/root-ou-service-control-policies-d2c18fd0b21e

I mention the challenges with those SCPs in a follow-on post and will…
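One way to check that an SCP actually blocks a member account from leaving the organization, as an added example that is not code from this post or the linked one. The sample policy is constructed, the function names are hypothetical, and the check assumes the relevant action is `organizations:LeaveOrganization`.

```python
import fnmatch

# Constructed sample SCP (assumption: not the policy from the linked post).
SAMPLE_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyLeaveOrganization",
        "Effect": "Deny",
        "Action": "organizations:LeaveOrganization",
        "Resource": "*",
    }],
}

TARGET = "organizations:LeaveOrganization"


def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, action):
    """Case-insensitive match of an action against IAM-style wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def denies_leave_organization(policy):
    """True if a statement unconditionally denies TARGET on all resources."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        if stmt.get("Condition"):
            continue  # a conditional deny may exempt some principals
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        if "Action" in stmt and _matches(_as_list(stmt["Action"]), TARGET):
            return True
        # Deny + NotAction blocks everything except the listed actions.
        if "NotAction" in stmt and not _matches(_as_list(stmt["NotAction"]), TARGET):
            return True
    return False


if __name__ == "__main__":
    print("LeaveOrganization denied:", denies_leave_organization(SAMPLE_SCP))
```

The check looks at a single policy document only; it does not confirm that the SCP is attached to the root or OU containing the account, and SCPs do not restrict the management account.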

Teri Radichel
Cloud Security

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award