Two ways to delete AWS accounts
In this article, we will explain how to delete AWS Accounts.
There are 2 convenient ways:
- Using the new Organizations model, which was introduced at the end of March 2022.
This way of deleting AWS accounts is great, since you can manage all closures of accounts directly from the AWS root account. You are not required to log into each individual member account. - Automating the AWS account deletion. This is possible both via the REST API and via the AWS CLI.
1. Delete AWS accounts via the user interface
To be able to close an AWS account, you will need administrator access to the so-called root account. This account hosts all of the individual member accounts (of which you will delete one).
- Go to the AWS organizations page where you can see a hierarchy of all AWS accounts in your organization. Find the AWS account that you want to delete and open it.
- In the detailed view of the AWS Account, you will find a “Close” button on the top right. Click on it.
- This will open up a form that verifies whether you really want to close the AWS account. It will also make you aware of some of the conditions that apply (more on that below)
2. Delete AWS accounts via API or CLI
For those that love automation out there, we are lucky: AWS this time also developed API and CLI methods to close accounts! Read here how this works.
CLI
The process for the AWS CLI is quite trivial. Grab the 12-numbered AWS Account ID and execute the following command:
# How to use
aws organizations close-account --account-id <value>
# Example
aws organizations close-account --account-id 123456789012
Learn more about this CLI command in the AWS CLI documentation.
API
Using the AWS API is also an option. AWS introduced a new CloseAccount
action that can be executed. You will only need the AccountId
to be able to execute this quite trivial operation. Read more in their API documentation on how to use the operation exactly.
Limitations of AWS account deletion
There are some limitations to deleting AWS accounts. We will list them here for you:
- Closing an AWS account does not mean it gets deleted immediately. There is a 90 day grace period in which you have the chance to reopen it again by contacting AWS support. (AWS calls this the “Post-Closure Period”)
- After the post-closure period passes, all content in the account is automatically deleted.
- An organization can in a given month only delete 10% of all of its member accounts. If your organization e.g. has 300 accounts, this means you can close only up to 30 accounts per month. Keep this in mind when designing your cloud tenant deprovisioning process.