How to close a member account Protecting member accounts from closure

Closing a member account in your organization

If you no longer need a member account in your organization, you can close it from the AWS Organizations console following the instructions in this section. You can only close a member account using the AWS Organizations console if your organization is in All features mode.

You can also close an AWS account directly from the Account page in the AWS Management Console after signing in as the root user. For step-by-step instructions, see Close an AWS account in the AWS Account Management Guide.

To close a management account, see Closing a management account in your organization.

How to close a member account

When you sign in to the organization's management account, you can close member accounts that are part of your organization. To do this, complete the following steps.

Important

Before you close your member account, we highly recommend that you review considerations and understand the impact for closing an account. For more information, see What you need to know before closing your account and What to expect after you close your account in the AWS Account Management Guide.

AWS Management Console

To close a member account from the AWS Organizations console

Sign in to the AWS Organizations console.
On the AWS accounts page, find and choose the name of the member account you want to close. You can navigate the OU hierarchy, or look at a flat list of accounts without the OU structure.
Choose Close next to the account name at the top of the page. Organizations in Consolidated billing mode won't be able to see the Close button in the console. To close an account in consolidated billing mode, follow the steps in the Standalone account tab from How to close your account in the AWS Account Management Guide.
Select each check box to acknowledge all required account closure statements.
Enter the member account ID, and then choose Close account.

Note

Any member account that you close will display a SUSPENDED label next to its account name in the AWS Organizations console.

To close a member account from the Accounts page

Optionally, you can close an AWS member account directly from the Accounts page in the AWS Management Console. For step-by-step guidance, follow the instructions in Close an AWS account in the AWS Account Management Guide.

AWS CLI & AWS SDKs

To close an AWS account

You can use one of the following commands to close an AWS account:

AWS CLI: close-account
```
$ aws organizations close-account \
    --account-id 123456789012
```
This command produces no output when successful.
AWS SDKs: CloseAccount

Protecting member accounts from closure

If you want to protect a member account from accidental closure, you can create an IAM policy to specify which accounts are exempt from closure. Any member account protected with these policies can’t be closed. This can't be accomplished with an SCP, because they don't affect principals in the management account.

You can create an IAM policy that denies closing accounts in either of two ways:

Explicitly list each account that you want to protect in the policy by including the arn in the Resource element. To see an example, see Prevent member accounts listed in this policy from getting closed.
Tag individual accounts to prevent them from getting closed. Use the aws:ResourceTag tag global condition key in your policy to prevent any account with the tag from being closed. To learn how to tag an account, see Tagging Organizations resources. To see an example, see Prevent member accounts with tags from getting closed .

Example IAM policies that prevent member account closures

The following code examples show two different methods you can use to restrict member accounts from closing their account.

Prevent member accounts with tags from getting closed

You can attach the following policy to an identity in your management account. This policy prevents principals in the management account from closing any member account that is tagged with the aws:ResourceTag tag global condition key, the AccountType key and the Critical tag value.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PreventCloseAccountForTaggedAccts",
            "Effect": "Deny",
            "Action": "organizations:CloseAccount",
            "Resource": "*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/AccountType": "Critical"}
            }
        }
    ]
}

Prevent member accounts listed in this policy from getting closed

You can attach the following policy to an identity in your management account. This policy prevents principals in the management account from closing member accounts explicitly specified in the Resource element.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PreventCloseAccount",
            "Effect": "Deny",
            "Action": "organizations:CloseAccount",
            "Resource": [
                "arn:aws:organizations::555555555555:account/o-12345abcdef/123456789012",
                "arn:aws:organizations::555555555555:account/o-12345abcdef/123456789014"
            ]
        }
    ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Leave an organization from your member account

Closing a management account