2 réponses
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hi there, The policy you have mentioned needs a correction.
Instead of
account:CloseAccount
use
organizations:CloseAccount
Then the policy will be as follows
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": [
"organizations:CloseAccount",
],
"Resource": "*"
}
]
}
Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
répondu il y a un an
0
Hi,
Could you please confirm whether this is working with
"Resource": "*"
and if it is working, please make sure that the account arns you mentioned in resource block is correct.
répondu il y a un an
Hi, I tested these policy with "Resource": "*" and "Resource": [ "arn:aws:organizations::44444444:account/o-/1234567", "arn:aws:organizations::44444444:account/o-/7890534" ] also. I attached this policy under our admin group in mangement account and member account as well. Still, I can see the close account button when I logged in as IAM user in my member account.
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a un mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
Thanks for your reply. However I tried the above one as well as the below policy but I can still click the close account button. { "Version": "2012-10-17", "Statement": [ { "Sid": "PreventCloseAccount", "Effect": "Deny", "Action": "organizations:CloseAccount", "Resource": [ "arn:aws:organizations::44444444:account/o-/1234567", "arn:aws:organizations::44444444:account/o-/7890534" ] } ] }