terraform-aws-control_tower_account_factory

Trigger a CloseAccount API when an account request is deleted

Open billwell-amzn opened this issue 3 years ago • 2 comments

When deleting a Terraform AFT account request (https://github.com/MLaunch/terraform-aft-account-request/commit/8a7400d4e8c6c337aef713d04e3e38a2b7a3105b), a CloseAccount API call should be made to AWS Organizations to close the same account (https://docs.aws.amazon.com/organizations/latest/APIReference/API_CloseAccount.html).

billwell-amzn, Aug 24 '22 16:08

Thanks @billwell-amzn for the suggestion! The CloseAccount API does not allow for de-registration of accounts at the scale we need. We do have a backlog for more automation of the delete lifecycle of AFT, as this is an area we'd like to improve.

balltrev, Aug 24 '22 18:08

Pay attention!

Double-check what the right workflow is to correctly decommission an AFT-created account.

You must then un-enroll it from CT.

And finally close it (the account email would be lost forever, for example; maybe you would change it first) from Organizations.

drAlberT, Jan 08 '23 17:01