SCP to Allow Closing and Removing AWS Accounts — Part 1
ACM.182 Only allow closing and removing accounts moved to an organizational unit for suspended accounts
Part of my series on Automating Cybersecurity Metrics. AWS Organizations. Governance. The Code.
In the last post I showed you how I performed some troubleshooting on an SCP that wasn’t performing as expected.
In this post we’re going to look at how to allow removal of AWS accounts when we actually need to do that, but deny it in all other cases. I wrote about the steps to remove an AWS account here.
You’ll want to understand the steps before you try to perform them, because if you do them in the wrong order you may run into some challenges (depending on what you are trying to do).