Deleted AWS Control Tower and SSO and now cannot disable the other accounts created.

0

I cannot log back in to any of the accounts created here anymore because I already deleted the SSO and Control Tower. I am trying to delete the organizations but I can't because it's not empty. I want to disable the accounts but can't log back in.

2 Answers
2

If you're unable to log in to the AWS Management Console because you've deleted Single Sign-On (SSO) and Control Tower, and you're trying to delete the AWS Organizations but can't because it's not empty, kindly follow the steps below: https://docs.aws.amazon.com/signin/latest/userguide/troubleshooting-sign-in-issues.html

Recover Access to the AWS Accounts: If you have access to the email addresses associated with the AWS accounts, you can initiate a password reset process for each account. This will allow you to regain access to the accounts and manage them through the AWS Management Console.

Contact AWS Support: If you're unable to recover access to the accounts through the standard password reset process, they may be able to assist you in regaining access to the accounts.

Delete or Disable Unused AWS Resources: Once you regain access to the AWS accounts, review the resources that were provisioned within those accounts. Delete or disable any resources that are no longer needed or associated with the SSO or Control Tower setup. This may include IAM roles, policies, S3 buckets, EC2 instances, VPCs, etc.

Once everything is cleaned up, review and update access controls and permissions for the AWS accounts to ensure that they are configured correctly based on your organization's requirements.

Hope it clarifies, and if it does I would appreciate the answer being accepted so that the community can benefit from the clarity, thanks ;)

EXPERT
answered a month ago
EXPERT
reviewed a month ago
1
Accepted Answer

Hi There

Since you still have AWS Organizations configured, you can get the root email address for the individual accounts through the AWS Organizations service console. Navigate to AWS Organizations, select an OU, then select an account. The root email address will be shown under Account Details.

Once you have the email addresses, you need to do a password reset as specified here: https://repost.aws/knowledge-center/control-tower-account-root-user-access

After you have root access, you can close the accounts.

Even if you can't access the member accounts, you can still close them via AWS Organizations in the management account. Follow the instructions here: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html

AWS
EXPERT
Matt-B
answered a month ago
EXPERT
reviewed a month ago
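
The route in the accepted answer (read each member account's root email from AWS Organizations, then close the accounts from the management account) can also be scripted. This is an added example, not part of either answer: it assumes boto3 and credentials for the management account, and the function names and the `--close` switch are illustrative. Without `--close` it only reports what it would do.

```python
"""List member accounts with their root email and close them from the
management account. Function names and the --close switch are assumptions
made for this example."""


def list_member_accounts(org):
    """Return every account in the organization except the management account."""
    mgmt_id = org.describe_organization()["Organization"]["MasterAccountId"]
    members = []
    for page in org.get_paginator("list_accounts").paginate():
        for acct in page["Accounts"]:
            if acct["Id"] != mgmt_id:
                members.append(acct)
    return members


def close_member_accounts(org, dry_run=True):
    """Close ACTIVE member accounts; with dry_run only report the plan.

    Returns a list of (account_id, root_email, action) tuples.
    """
    results = []
    for acct in list_member_accounts(org):
        if acct["Status"] != "ACTIVE":
            # SUSPENDED / PENDING_CLOSURE accounts are already closed or closing.
            action = "skipped:" + acct["Status"]
        elif dry_run:
            action = "would-close"
        else:
            try:
                org.close_account(AccountId=acct["Id"])
                action = "close-requested"
            except Exception as exc:  # e.g. permission or quota errors
                # Record the failure and continue with the remaining accounts.
                action = "failed:" + type(exc).__name__
        results.append((acct["Id"], acct["Email"], action))
    return results


if __name__ == "__main__":
    import sys
    import boto3  # imported here so the functions above work with a stub client

    client = boto3.client("organizations")
    really = "--close" in sys.argv[1:]
    for account_id, email, action in close_member_accounts(client, dry_run=not really):
        print(account_id, email, action)
```

The email column in the output is the address to use for the root password reset if you prefer to sign in to an account before closing it.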
