Deleted AWS Control Tower and SSO and now cannot disable the other accounts created.


All the accounts created in here I cannot log back into anymore because I already deleted the SSO and Control Tower. I am trying to delete the organization but I can't because it's not empty. I want to disable the accounts but can't log back in.

2 Answers

If you're unable to log in to the AWS Management Console because you've deleted Single Sign-On (SSO) and Control Tower, and you're trying to delete the AWS Organization but can't because it's not empty, kindly follow the steps below: https://docs.aws.amazon.com/signin/latest/userguide/troubleshooting-sign-in-issues.html

Recover access to the AWS accounts: If you have access to the email addresses associated with the AWS accounts, you can initiate a password reset process for each account. This will allow you to regain access to the accounts and manage them through the AWS Management Console.

Contact AWS Support: If you're unable to recover access to the accounts through the standard password reset process, they may be able to assist you in regaining access to the accounts.

Delete or disable unused AWS resources:

Once you regain access to the AWS accounts, review the resources that were provisioned within those accounts. Delete or disable any resources that are no longer needed or associated with the SSO or Control Tower setup. This may include IAM roles, policies, S3 buckets, EC2 instances, VPCs, etc.

Once everything is cleaned up, review and update access controls and permissions for the AWS accounts to ensure that they are configured correctly based on your organization's requirements.

Hope it clarifies, and if it does I would appreciate the answer being accepted so that the community can benefit from the clarity, thanks ;)

EXPERT
answered a month ago
EXPERT
reviewed a month ago
Accepted Answer

Hi There

Since you still have AWS Organizations configured, you can get the root email address for the individual accounts through the AWS Organizations service console. Navigate to AWS Organizations, select an OU, then select an account. The root email address will be shown under Account Details.

Once you have the email addresses, you need to do a password reset as specified here: https://repost.aws/knowledge-center/control-tower-account-root-user-access

After you have root access, you can close the accounts.

Even if you can't access the member accounts, you can still close them via AWS Organizations in the management account. Follow the instructions here: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html

AWS
EXPERT
Matt-B
answered a month ago
EXPERT
reviewed 19 days ago
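The accepted answer's two routes (read the root email of each member account from AWS Organizations so you can reset its root password, or close the member accounts from the management account without ever logging into them) have a direct AWS CLI equivalent. The script below is an added example written for this page, not code from the thread or from AWS; it assumes AWS CLI v2 configured with management-account credentials that allow `organizations:ListAccounts`, `organizations:DescribeOrganization` and `organizations:CloseAccount`. By default it runs an offline dry run over a constructed sample account list; set `AWS_ORG_LIVE=1` to query the real organization, and additionally `DRY_RUN=0` to actually issue `close-account` calls.

```shell
#!/bin/sh
# Added example (not from the re:Post thread): list member accounts with their
# root emails and close the ACTIVE members from the management account.
# Assumes AWS CLI v2 with management-account credentials. AWS_ORG_LIVE=1 talks
# to AWS; otherwise a constructed sample is used. DRY_RUN=1 (default) only prints.
set -eu

# Constructed sample in the same "Id<TAB>Email<TAB>Status" shape that
# list_accounts produces. The IDs and emails are placeholders, not real accounts.
SAMPLE_ACCOUNTS="$(printf '111111111111\tmgmt-root@example.com\tACTIVE
222222222222\taws-audit-root@example.com\tACTIVE
333333333333\taws-log-root@example.com\tSUSPENDED
444444444444\taws-sandbox-root@example.com\tACTIVE')"
SAMPLE_MGMT_ID="111111111111"

# Live call: one line per account, "Id<TAB>Email<TAB>Status". The Email column is
# the root user email you need for the password reset described in the answer.
list_accounts() {
    aws organizations list-accounts \
        --query 'Accounts[].[Id,Email,Status]' --output text
}

# Live call: the management account ID. It cannot be closed via Organizations,
# so it must be excluded from any close-account loop.
management_account_id() {
    aws organizations describe-organization \
        --query 'Organization.MasterAccountId' --output text
}

# Pure filter, no AWS calls: reads account lines on stdin and prints the IDs of
# ACTIVE member accounts, skipping the management account ($1) and accounts
# that are already SUSPENDED or PENDING_CLOSURE.
select_closable() {
    mgmt="$1"
    while IFS="$(printf '\t')" read -r id email status; do
        [ "$id" = "$mgmt" ] && continue
        [ "$status" = "ACTIVE" ] || continue
        printf '%s\n' "$id"
    done
}

# Closes each account ID read on stdin. CloseAccount moves the account to
# SUSPENDED (recoverable for the post-closure period AWS documents) and AWS
# enforces a quota on how many member accounts you can close per 30-day window,
# so for a large organization expect to run this in batches.
close_accounts() {
    while read -r id; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "would run: aws organizations close-account --account-id $id"
        else
            aws organizations close-account --account-id "$id"
        fi
    done
}

# Offline demonstration over the constructed sample; always dry run.
demo() {
    DRY_RUN=1
    printf '%s\n' "$SAMPLE_ACCOUNTS" | select_closable "$SAMPLE_MGMT_ID" | close_accounts
}

# Real run against the organization the credentials belong to.
main() {
    mgmt="$(management_account_id)"
    list_accounts | select_closable "$mgmt" | close_accounts
}

if [ "${AWS_ORG_LIVE:-0}" = "1" ]; then
    main
else
    demo
fi
```

Keep `DRY_RUN=1` for the first live run and compare the printed account IDs against the root emails from `list_accounts` before closing anything; a closed account stays recoverable only for a limited period, and the management account is deliberately never passed to `close-account`.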
