Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Is it safe to delete OrganizationAccountAccessRole after creating an account?

0

I've created a new account that is intended to hold production infrastructure and is thus meant to be locked down to a small set of users.

However, we have a bunch of stuff already in our (only) management account.

The OrganizationAccountAccessRole as created by AWS Organizations has broad permissions and can be assumed by anyone in my management account. Is it safe to delete that OrganizationAccountAccessRole assuming I have other roles that can be used for day-to-day work in the new prod account?

Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
AWS OrganizationsAWS Account ManagementSecurity, Identity, & Compliance
Language
English
asked 7 months ago94 views
1 Answer
0

Hello.

Yes, you can delete it.
If you have other roles that you can use for your daily work, you can delete them without any problems.
This is basically an IAM role used by the Organizations management account, so setting an IAM policy such as ReadOnlyAccess will be useful when troubleshooting.
https://repost.aws/knowledge-center/organizations-member-account-access

EXPERT
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content