Teri Radichel


AWS Organizations Close Account Constraint

ACM.220 Beware of the limitations of closing accounts through AWS Organizations

Part of my series on Automating Cybersecurity Metrics. The Code. Also Cloud Governance.


In the last post I covered the steps to remove or decommission AWS Control Tower.

I’ve heard of companies that create accounts for every single developer in an organization. If you have a lot of developers, that could end up being a lot of accounts.

Now recently, unfortunately, some tech companies have had to lay off a number of people at a time. You probably want to close those accounts to reduce costs as well, right?

Well today, I closed less than 10 accounts and got this error:

I can’t close any more accounts through AWS Organizations for 30 days. Why? I have no idea. Even if you aren’t creating any new resources in those accounts you might have things running like security services, CloudTrail logs, etc. I really just want this account to go away? What can I do?

Well, I can attempt to remove it and close it another way. I wrote about some of those options here:

I’m going to try to log in as the root user, change the password, add a credit card and close the account. Does that work?

Well, I reset the password successfully but when I tried to log in it claimed that I had MFA set up. I don’t recall setting up MFA on this particular account. Oh well, I’ll just reset it…right?

I go through the process of using alternative factors and trying to decipher the captcha over and over again. At the point I get the phone call, I enter the number provided in the email. The bot voice on the phone keeps saying I either didn’t enter a pin or it’s the wrong pin.

What?

Finally it locks me out after numerous attempts.

Ok, now I need to move some other accounts. Let’s see if I am more successful with those. I’ll revisit this later.

Just FYI for the other accounts I was able to get through the process when I took my phone off speaker.

…..⏳…..

Next day. Let’s try this again.

…..⏳…..

Ok back trying again and I get the same error. Authentication failed. I know for a fact that the password is correct. 100%.

Well, what can I do? I reset the password. That works.

Then I go through the process to remove MFA again. I remember to take my phone off speaker and I get through the process OK.

But when I go to log in on the website I’ve reset the MFA in my phone browser. I try to log in from my web browser on my laptop. No joy. It still wants MFA. Now what?

Well, in this case, I want to just close the account so I click the link to log in on the phone. That logs me right in without a user name and password.

I start to try to figure out how to remove the MFA from the root account but then I realize this is one of the accounts I just want to close, so instead I just head over to the account page and close it.

Finally.

Now I need to move some accounts. Let’s see if I can do that.


Teri Radichel | © 2nd Sight Lab 2023
