top | item 31962902

(no title)

dhess | 3 years ago

I'm in the process of doing this now. You can close accounts from Control Tower without needing to log in as root to each separate account, adding a credit card, removing it from the org, and then closing it manually.

However, you can only close them from Control Tower at the rate of 2 to 3 per month, due to a hard limit quota which cannot be changed, even if you request it. Needless to say, this sucks when you've followed AWS's own best practices and created lots of accounts using Control Tower's "vending machine."

AWS's archaic account model is one reason we've switched to GCP.

discuss

Aeolun|3 years ago

It seems to me this cannot possibly be a hard limit. If it’s a hard limit it’s only because AWS wants to milk you dry.

qwerty1793|3 years ago

To be exact, the hard limit is: you cannot delete more than 10% of your organization's accounts (capped at 200) via AWS Organization within a 30 day rolling window. You can always delete an account by going into it as the root user.

https://docs.aws.amazon.com/organizations/latest/userguide/o...

janstice|3 years ago

I suspect it’s a hard limit to prevent disgruntled (former) admin blast radius.