September 23, 2024 in AWS, AWS Control Tower, AWS Organisations by Michael O'Leary, 3 minutes
AWS Control Tower is a service that simplifies setting up and governing a secure, multi-account AWS environment. It is designed for organisations that want to establish and manage their AWS infrastructure following AWS best practices.
However, sometimes we need to close accounts in AWS. This can happen when we retire an application or resource in an environment, or when a developer with a sandbox account leaves the company. But what is an AWS account? An AWS account is essentially a container for resources and services in Amazon Web Services (AWS). It allows users to:
Access AWS services: Provides access to various cloud services such as computing power (EC2), storage (S3), and databases (RDS).
Manage resources: Each AWS account has its own resources and billing. It isolates resources, making it easier to manage them, and creates an immediate IAM boundary around resources.
Track usage and costs: You can monitor and control billing, set budgets, and optimize usage.
Ensure security and compliance: Offers tools like IAM (Identity and Access Management) to control access and protect data.
AWS accounts and multi-account environments are crucial for managing cloud environments efficiently, but at the end of an application lifecycle it can sometimes be easier to close an account rather than clean the account of individual resources.
Caution: This is a destructive change and should only be used when you are certain that there are no remaining resources you wish to keep in the account.
To close an AWS account in AWS Control Tower, follow the steps below:
Log in to the Master Account of the Organisation.
Navigate to the Service Catalog.
In the left navigation pane, choose Provisioned products list.
Note: Terminating a provisioned product in Service Catalog will not close the account, but it will leave it unmanaged from an AWS Control Tower perspective. Closing the account itself is done with AWS Organisations.
close account
Note: this is a destructive action and will delete all resources in the account within 90 days. You should receive an email with the subject AWS Account Closure Confirmation from the email address no-reply@amazonaws.com with confirmation of the account closure.
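The AWS Organisations closure step described above can also be run with the AWS CLI from the management account. The script below is an added example, not part of the original post; the function names, exit codes and the retyped-ID confirmation are assumptions made for illustration, and it expects credentials for the management account.

```shell
#!/bin/sh
# Added example: guarded account closure with the AWS CLI.
# Function names and exit codes are illustrative assumptions.

# An AWS account ID is exactly 12 digits.
valid_account_id() {
  case "$1" in
    *[!0-9]*|"") return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

# Print the Organizations status: ACTIVE, PENDING_CLOSURE or SUSPENDED.
account_status() {
  aws organizations describe-account --account-id "$1" \
    --query 'Account.Status' --output text
}

# Close a member account only after every guard passes.
#   $1 = account ID to close, $2 = the same ID retyped by the operator
close_account_guarded() {
  account_id="$1"; confirm="$2"
  valid_account_id "$account_id" || { echo "invalid account ID" >&2; return 2; }
  # Closure is destructive, so require the ID to be typed twice.
  [ "$confirm" = "$account_id" ] || { echo "confirmation mismatch" >&2; return 3; }
  # Never target the organisation's management account.
  mgmt=$(aws organizations describe-organization \
    --query 'Organization.MasterAccountId' --output text) || return 1
  [ "$account_id" != "$mgmt" ] || { echo "refusing management account" >&2; return 4; }
  # Only an ACTIVE account can be closed; anything else is already in progress.
  status=$(account_status "$account_id") || return 1
  [ "$status" = "ACTIVE" ] || { echo "account status is $status" >&2; return 5; }
  aws organizations close-account --account-id "$account_id" >/dev/null || return 1
  # Report the new status (typically PENDING_CLOSURE, later SUSPENDED).
  account_status "$account_id"
}

# Usage: ./close-account.sh <account-id> <account-id-again>
if [ "$#" -eq 2 ]; then
  close_account_guarded "$1" "$2"
fi
```
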