Scripted Unmanage of Control Tower Managed AWS Accounts prior to Closing

Question

AWS best practice is to unmanage a member account before closing it.  I can use the CloseAccount API to close the account, but the documentation is not clear on a scripted method to unmanage an AWS account.

The closest I can find is the aws servicecatalogue terminate-provisioned-product API but the terms unmanage and terminate appear to have different connotations

My use-case is to be able to fully close a Control Tower managed account inline with AWS best practises.

Accepted Answer

Hi

When you **terminate** the provisioned product in Service catalog (either through the console or the TerminateProvisionedProduct API), you are effectively **un-managing** the account.

Once you terminate the provisioned product, the account will show as "Not Enrolled" in Control Tower.  You can then use the CloseAccount API to close the account.  Once you do that, it will remain in the Suspended state for 90 days.

So if you were scripting this you can:

1. Terminate the provisioned product via TerminateProvisionedProduct API
2. Use [DescribeRecord API](https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeRecord.html) to check the status of the above.  Once fully terminated:
3. Use CloseAccount API to close the account

Scripted Unmanage of Control Tower Managed AWS Accounts prior to Closing

相關內容