Control Tower - Closing Accounts

September 23, 2024 in AWS, AWS Control Tower, AWS Organisations by Michael O'Leary · 3 minutes

Closing Accounts with AWS Control Tower

Overview

AWS Control Tower is a service that simplifies setting up and governing a secure, multi-account AWS environment. It is designed for organisations that want to establish and manage their AWS infrastructure following AWS best practices.

What is an AWS Account?

Sometimes, however, we need to close accounts in AWS. This can happen when we retire an application or resource in an environment, or when a developer with a sandbox account leaves the company. But what is an AWS account? An AWS account is essentially a container for resources and services in Amazon Web Services (AWS). It allows users to:

  • Access AWS services: Provides access to various cloud services such as computing power (EC2), storage (S3), and databases (RDS).

  • Manage resources: Each AWS account has its own resources and billing. It isolates resources, making them easier to manage, and creates an immediate IAM boundary around resources.

  • Track usage and costs: You can monitor and control billing, set budgets, and optimize usage.

  • Ensure security and compliance: Offers tools like IAM (Identity and Access Management) to control access and protect data.

AWS accounts and multi-account environments are crucial for managing cloud environments efficiently, but at the end of an application lifecycle it can sometimes be easier to close an account than to clean the account of individual resources.

[!CAUTION] Note: This is a destructive change and should only be used when you are certain that there are no remaining resources you wish to keep in the account.

Closing an AWS Account in AWS Control Tower

To close an AWS account in AWS Control Tower, follow the steps below:

  1. Log in to the Master Account of the Organisation.

  2. Navigate to the Service Catalog.

  3. In the left navigation pane, choose Provisioned products list.


  4. From the list of provisioned accounts, choose the name of the account that you no longer want AWS Control Tower to manage.

  5. On the Provisioned product details page, from the Actions menu, choose Terminate.

  6. From the dialog box that appears, choose Terminate.

  7. When the account has been unmanaged, its status changes to Not Enrolled.
Note: Terminating a provisioned product in Service Catalog will not close the account; it only leaves the account unmanaged from an AWS Control Tower perspective. Closing the account itself is done with AWS Organisations.

  1. Because the unenrolled account is still part of the AWS Organisation, we can navigate to AWS Organisations and select the account ID.

  2. Select the checkbox of the account ID that you wish to close and choose close from the termination window.

  3. In the pop-up window, select and copy the account ID, paste it into the confirmation window, then select close account.

Note: this is a destructive action and will delete all resources in the account within 90 days. You should receive an email with the subject AWS Account Closure Confirmation from the email address no-reply@amazonaws.com confirming the account closure.
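
The AWS Organisations step can also be driven through the API. The following is an added example, not code from the original post: it wraps the Organizations `CloseAccount` call in the same safeguards the console applies (a typed confirmation of the account ID) plus a check that the target is not the management account. It assumes `boto3` is installed, credentials for the management account are configured, and the account has already been unmanaged in Control Tower; `close_member_account` and `ClosureRefused` are hypothetical names.

```python
import re
import sys


class ClosureRefused(Exception):
    """Raised when a pre-closure safety check fails."""


def close_member_account(org, account_id, confirm_id):
    """Close a member account via AWS Organizations after safety checks.

    `org` is a boto3 Organizations client (or any object with the same methods).
    Returns the account status reported after the close request.
    """
    if not re.fullmatch(r"\d{12}", account_id):
        raise ClosureRefused("account id must be 12 digits")
    # Mirror the console's copy-and-paste confirmation step.
    if confirm_id != account_id:
        raise ClosureRefused("confirmation id does not match")
    # Never close the management (master) account of the organisation.
    mgmt = org.describe_organization()["Organization"]["MasterAccountId"]
    if account_id == mgmt:
        raise ClosureRefused("refusing to close the management account")
    # Only ACTIVE accounts are closed; anything else is already suspended or closing.
    account = org.describe_account(AccountId=account_id)["Account"]
    if account["Status"] != "ACTIVE":
        raise ClosureRefused(f"account status is {account['Status']}, not ACTIVE")
    org.close_account(AccountId=account_id)
    return org.describe_account(AccountId=account_id)["Account"]["Status"]


def main(argv):
    import boto3  # imported here so the checks above can be exercised offline
    if len(argv) != 3:
        sys.exit("usage: close_account.py <account-id> <account-id-again>")
    try:
        client = boto3.client("organizations")
        status = close_member_account(client, argv[1], argv[2])
    except ClosureRefused as err:
        sys.exit(f"refused: {err}")
    print(f"close requested, account status now: {status}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the account ID given twice, matching the console's paste-to-confirm step.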