When you have an AWS Organization set up, which is a prerequisite also for the centralised root credentials management feature, you shouldn't log on as root in a member account to close it. Instead, you should close the member account from the AWS Organizations management account: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
The only AWS account you'd need root credentials to close is the management account of the org, which is also exempt from the centralised root credentials management feature, meaning that its root user always has active credentials.
At this link, https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks, notice the text that I have bolded below.
Tasks that require root user credentials
We recommend that you configure an administrative user in AWS IAM Identity Center to perform daily tasks and access AWS resources. However, you can perform the tasks listed below only when you sign in as the root user of an account.
To simplify managing privileged root user credentials across member accounts in AWS Organizations, you can enable centralized root access to help you centrally secure highly privileged access to your AWS accounts. Centrally manage root access for member accounts lets you centrally remove and prevent long-term root user credential recovery, improving account security in your organization. After you enable this feature, you can perform the following privileged tasks on member accounts.
- Remove member account root user credentials to prevent account recovery of the root user. You can also allow password recovery to recover root user credentials for a member account.
- Remove a misconfigured bucket policy that denies all principals from accessing an Amazon S3 bucket.
- Delete an Amazon Simple Queue Service resource-based policy that denies all principals from accessing an Amazon SQS queue.
Once you have enabled the central management you can perform privileged tasks on an AWS Organizations member account from your organization management or delegated administrator account. One of the privileged tasks is to reenable the root user credentials for a member account. Follow this link for instructions on how to take a privileged action on a member account via the Console, CLI, or API.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user-privileged-task.html
Once you reenable the root user, you should be able to close the account.
Perform a privileged task on an AWS Organizations member account
The AWS Organizations management account or a delegated administrator account for IAM can perform some root user tasks on member accounts using short-term root access. These tasks can only be performed when you sign in as the root user of an account. Short-term privileged sessions give you temporary credentials that you can scope to take privileged actions on a member account in your organization.
Once you launch a privileged session, you can delete a misconfigured Amazon S3 bucket policy, delete a misconfigured Amazon SQS queue policy, delete the root user credentials for a member account, and reenable root user credentials for a member account.
Hope this clarifies the process!
Guidance/recommendation from AWS is not to store any root credentials for member accounts. We released new guidance using Central Root Access Management. With this new feature you don't have to manage root credentials. Enable this feature and delete root credentials from the central management account and you are secure and safe. If you have to get root credentials, you can request account recovery from the management account without having the member account's root credentials:
https://repost.aws/articles/ARIppLTq8lTaifWGqxGfAaDg/securing-the-cloud-the-evolution-and-future-of-aws-root-access-management-mfa-integration-and-mfa-adoption-timelines-for-enhanced-security-design
https://aws.amazon.com/blogs/security/secure-root-user-access-for-member-accounts-in-aws-organizations/
With AWS Organizations, management/delegated account admin can now close a member account directly from the management account/delegated account without requiring direct access to the root user credentials of the member account.
If your organization is using Consolidated billing mode, you won't be able to see the Close button in the console. To close an account in consolidated billing mode, sign in to the account you want to close as the root user. On the Accounts page, choose the Close account button, enter your account ID, and then choose the Close account button.
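The management-account closing path recommended in the answers above, as an added example that is not from this thread or from AWS: a small wrapper around the AWS CLI that refuses to touch the management account (which only its own root user can close), refuses accounts that are not ACTIVE, and then calls CloseAccount and waits for the status to change. It assumes AWS CLI v2 credentials for the management or delegated administrator account, an organization with all features enabled (the consolidated-billing caveat above applies), and the polling defaults (POLL_SECONDS, POLL_TRIES) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread: close an Organizations member
# account from the management account instead of signing in as its root user.
# Assumes AWS CLI v2 credentials for the management (or delegated admin) account,
# all features enabled in the organization, and organizations:CloseAccount rights.
set -e
# Polling knobs (hypothetical defaults, overridable from the environment).
POLL_SECONDS="${POLL_SECONDS:-10}"
POLL_TRIES="${POLL_TRIES:-12}"

# Print the organization's management account ID.
management_account_id() {
  aws organizations describe-organization --query 'Organization.MasterAccountId' --output text
}

# Print an account's status: ACTIVE, PENDING_CLOSURE or SUSPENDED.
account_status() {
  aws organizations describe-account --account-id "$1" --query 'Account.Status' --output text
}

# Guard rails: a well-formed ID, not the management account (only its own
# root user can close that one), and still ACTIVE. Non-zero exit on refusal.
check_closable() {
  target="$1"
  if [ ${#target} -ne 12 ] || [ -n "$(printf '%s' "$target" | tr -d '0-9')" ]; then
    echo "refuse: '$target' is not a 12-digit account ID"; return 1
  fi
  if [ "$target" = "$(management_account_id)" ]; then
    echo "refuse: $target is the management account; close it as its own root user"; return 1
  fi
  status=$(account_status "$target")
  if [ "$status" != "ACTIVE" ]; then
    echo "refuse: $target is already $status"; return 1
  fi
  echo "ok: $target is an ACTIVE member account"
}
# Close the account, then poll until Organizations reports it has left ACTIVE.
close_member_account() {
  check_closable "$1" >&2
  aws organizations close-account --account-id "$1" >/dev/null
  i=0
  while [ "$i" -lt "$POLL_TRIES" ]; do
    status=$(account_status "$1")
    [ "$status" = "ACTIVE" ] || break
    i=$((i + 1)); sleep "$POLL_SECONDS"
  done
  echo "$status"
}
# Usage: sh close_member_account.sh 123456789012
if [ $# -gt 0 ]; then close_member_account "$1"; fi
```

Because every AWS call goes through the `aws` command, the decision logic can be dry-run by defining a shell function named `aws` that returns canned values before sourcing the script.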