Remove WAF WebAcl created by Firewall Manager

0

I am trying to delete an AWS WAF WebAcl that was created using Firewall Manager a few months ago, but someone has removed the Firewall Manager policy, probably without ticking the "delete all policy resources" checkbox, so the webAcl still exists, but I can't delete it. When I try to remove the webAcl I get the following error message:

Error You don't have permissions to delete the resource because it's managed by Firewall Manager.

Since the Firewall Manager policy doesn't exist anymore, I couldn't find a way to delete the loose webAcl. No matter whether I try via the console or the CLI, I always get this error message. I did some research in the AWS docs but didn't find any related topic, so I am wondering if there is a way to delete it.

2 Answers
2

Hello AWS Customer,

If an account or resource goes out of scope for any reason, AWS Firewall Manager doesn't automatically remove protections or delete Firewall Manager-managed resources unless you select the Automatically remove protections from resources that leave the policy scope check box.[1]

Therefore, in order to delete this WebACL from your account, it has to be done from the "Admin Account".

Hope you will find this information useful.

Have a good day!

AWS
Support Engineer
Jisoo_K
answered a year ago
0

Hello Jisoo, thanks for replying. The AWS Organization where this policy lives only contains 1 member account, and I tried to delete the loose webAcl using the root of the management account, but got the same error. Is there anything that I'm missing?

awsbrz
answered a year ago
  • By root of the management account, do you mean the Management account of the AWS Organisation or the Firewall Administrator account?
