Teri Radichel

Summary

Teri Radichel discusses the challenges and potential bugs encountered when deleting AWS CloudFormation Organizations Account stacks, including issues with account renaming and email association.

Abstract

Teri Radichel has experienced persistent issues with creating, deleting, and recreating AWS accounts using AWS CloudFormation. Despite some improvements from AWS, she encountered a situation where an account stack could not be deleted from the main page, but only from within the stack's details. This led to the discovery of a possible bug where the stack's deletion status did not update on the main page, yet it showed as DELETE_IN_PROGRESS when attempting deletion from the stack details page. Additionally, she found that an error related to an export dependency was preventing the deletion. Radichel also notes that AWS Organizations accounts cannot have their primary email addresses changed through the console after closure, which disrupts her naming scheme and results in the account being associated with her for an extended period.

Opinions

  • Radichel believes there may be a bug in the AWS CloudFormation interface due to the inconsistent behavior when deleting account stacks.
  • She expresses frustration with the inability to rename an AWS account in AWS Organizations, even as the root user.
  • Radichel is dissatisfied with the limitation of only being able to change alternate contacts and not the primary email address in the AWS console after an account is closed.
  • The account closure process being in a pending state has caused inconvenience, as it prevents immediate actions such as email changes or account renaming.
  • The inability to rename or change the primary email of an AWS account after closure is seen as an annoyance that interferes with her organizational scheme.

Deleting AWS Account Stacks

Just figured something out about deleting AWS CloudFormation Organizations Accounts stacks


I’ve had issues trying to create, delete, and recreate AWS accounts using AWS CloudFormation in the past. I think AWS may have fixed some, but not all of the issues.

Once I deleted an account I was able to create a new account with the same name and email which is cool. I’m about to try it again to make sure I’m not hallucinating.

However, I had an issue before where a stack was in a bad state and I couldn’t delete it or adjust the account.

I figured out that I could close the account, and then I couldn’t delete the stack. I noticed the account closure was in a pending state. I know I deleted a stack for a closed account just the other day, so I went off and did some other things and came back to it, but I still couldn’t delete the stack from the main page with the list of events.

But when I clicked into the details of the stack, there’s another delete button. When I clicked that button, I was able to delete the stack.

The status then changed to DELETE_IN_PROGRESS which it never did from the main page.

Is this a bug? It seems like a bug.

Then on this screen, I can see the status eventually change back with an error that something is relying on an export. Aha. Got it.
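The export dependency behind that error can be listed before attempting a delete. The following is an added example, not code from the original post: it walks the CloudFormation `list_exports` and `list_imports` calls to find which stacks import a given stack's exports. The stack names, export names, and the `FakeCfn` client are constructed sample data so the logic runs offline.

```python
def _pages(call, key, **kwargs):
    """Yield items from a NextToken-paginated CloudFormation list call."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        token = resp.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token

def blocking_imports(cfn, stack_name):
    """Map each export of stack_name to the stacks that import it."""
    blockers = {}
    for exp in _pages(cfn.list_exports, "Exports"):
        # ExportingStackId is an ARN ending in stack/<name>/<uuid>
        if exp["ExportingStackId"].split("/")[1] != stack_name:
            continue
        try:
            importers = list(_pages(cfn.list_imports, "Imports", ExportName=exp["Name"]))
        except Exception as err:
            # ListImports fails with a ValidationError when nothing imports the export
            if "is not imported by any stack" not in str(err):
                raise
            importers = []
        if importers:
            blockers[exp["Name"]] = importers
    return blockers

class FakeCfn:
    """Constructed stand-in for boto3.client("cloudformation")."""
    ARN = "arn:aws:cloudformation:us-east-1:111111111111:stack/%s/00000000-0000"
    EXPORTS = [
        {"ExportingStackId": ARN % "account-dev", "Name": "DevAccountId"},
        {"ExportingStackId": ARN % "account-dev", "Name": "DevAccountEmail"},
        {"ExportingStackId": ARN % "network", "Name": "VpcId"},
    ]
    IMPORTS = {"DevAccountId": ["dev-roles", "dev-scp"], "VpcId": ["app"]}

    def list_exports(self, NextToken=None):
        i = int(NextToken or 0)  # one export per page to exercise paging
        page = {"Exports": self.EXPORTS[i:i + 1]}
        if i + 1 < len(self.EXPORTS):
            page["NextToken"] = str(i + 1)
        return page

    def list_imports(self, ExportName, NextToken=None):
        if ExportName not in self.IMPORTS:
            raise ValueError("Export '%s' is not imported by any stack." % ExportName)
        return {"Imports": self.IMPORTS[ExportName]}
```

Against a real account, pass `boto3.client("cloudformation")` in place of `FakeCfn()`; an empty result means no other stack imports the exports and the delete should not fail on them.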

Well, I fixed that issue but now I’m back to this frustrating problem — which I cannot fix.

As you can see from the screens above you can only change the alternate contacts not the AWS account primary email in the console.

Since I already closed the account I couldn’t log in and change it that way. I thought since the accounts could have the same names after closing and opening a new one they could have the same emails now too but nope. Annoying. This messes up my whole naming scheme and this account will be stuck associated with my account for like 90 days.


Teri Radichel | © 2nd Sight Lab 2023
