No longer with Organization. Need to close AWS account but don't have permission

0

Hello

I created an account through a non profit organization which seemed like a good idea earlier. Now the problem is that I logged into it a few days ago to see if I could close the account. It seems as if some of my programs started running and now I am being charged for something I did not even start. I am trying to create a case but apparently I don't have IAM access to create a case with the billing team. I am even unable to ask for an account closure. I left the organization on a "not so good" note so reaching out to them isn't an option. Plese tell me what to do. Thanks

2 Answers
2

Hello, you can try to quit the organization first and then close your aws account.

Here are the steps to quit an organization:

To leave an organization, you must have the following permissions:

  • organizations:DescribeOrganization – required only when using the Organizations console.
  • organizations:LeaveOrganization – Note that the organization administrator can apply a policy to your account that removes this permission, preventing you from removing your account from the organization.
  • If you sign in as an IAM user and the account is missing payment information, the user must have either aws-portal:ModifyBilling and aws-portal:ModifyPaymentMethods permissions (if the account has not yet migrated to fine-grained permissions) OR payments:CreatePaymentInstrument and payments:UpdatePaymentPreferences permissions (if the account has migrated to fine-grained permissions). Also, the member account must have IAM user access to billing enabled. If this isn't already enabled, see Activating Access to the Billing and Cost Management Console in the AWS Billing User Guide.

To leave an organization from your member account

  1. Sign in to the AWS Organizations console at AWS Organizations console. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in a member account. By default, you don't have access to the root user password in a member account that was created using AWS Organizations. If required, recover the root user password by following the steps at Accessing a member account as the root user.
  2. On the Organizations Dashboard page, choose Leave this organization.
  3. In the Confirm leaving the organization? dialog box, choose Leave organization. When prompted, confirm your choice to remove the account. Once confirmed, you are redirected to the Getting Started page of the AWS Organizations console, where you can view any pending invitations for your account to join other organizations. If you see a You can't leave the organization yet message, your account doesn't have all the required information to operate as a standalone account. If this is the case, proceed to the next step.
  4. If the Confirm leaving the organization? dialog box displays the message You can't leave the organization yet, choose the Complete the account sign-up steps link.
  5. On the Sign up for AWS page, enter all of the required information necessary for this to become a standalone account. This might include the following types of information:
  • Contact name and address
  • Valid payment method
  • Phone number verification
  • Support plan options
  1. When you see the dialog box stating that the sign-up process is complete, choose Leave organization. A confirmation dialog box appears. Confirm your choice to remove the account. You are redirected to the Getting Started page of the AWS Organizations console, where you can view any pending invitations for your account to join other organizations.
  2. Remove the IAM roles that grant access to your account from the organization.

Important

If your account was created in the organization, then Organizations automatically created an IAM role in the account that enabled access by the organization's management account. If the account was invited to join, then Organizations did not automatically create such a role, but you or another administrator might have created one to get the same benefits. In either case, when you remove the account from the organization, any such role isn't automatically deleted. If you want to terminate this access from the former organization's management account, then you must manually delete this IAM role. For information about how to delete a role, see Deleting roles or instance profiles in the IAM User Guide.

answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
profile pictureAWS
EXPERT
reviewed 2 months ago
1

Hello.

To cancel your AWS account, you must follow the steps in the document below using the AWS account root user (the user who signs in using your email address).
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-closing.html

The root user of your AWS account can sign in using the steps in the document below.
https://docs.aws.amazon.com/signin/latest/userguide/introduction-to-root-user-sign-in-tutorial.html

If you are unable to sign in as a root user because your email address is unknown, I think the best solution is to contact the non-profit organization that you requested to create your AWS account.

profile picture
EXPERT
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
profile pictureAWS
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions