How do I remove a member account from an organization in AWS Organizations when I can't sign in to the member account?

I want to remove a member account from an organization and turn that account into a standalone account. However, I can't sign in to the member account. What should I do?

Resolution

To gain access to a member account in an organization, first try the following:

  • Contact the administrator of the member account and ask them to grant you access.
  • If you have access to the email address associated with the account, but have forgotten the password, reset the password.

If the preceding steps don't work, use AWS Identity and Access Management (IAM) to assume an administrator's role for the account:

Add permissions to assume an administrator's IAM role for the member account. For more information, see Accessing a member account that has a management account access role. Then, switch to the IAM role in the AWS Management Console. After you assume the OrganizationAccountAccessRole for the member account, do the following:

  1. Open the IAM console, choose Users from the navigation pane, and then choose Add user.
  2. Enter a user name, and then select AWS Management Console access.
  3. Select Custom password, and then enter a password.
  4. Clear Require password reset.
  5. Choose Next: Permissions.
  6. Choose Attach existing policies directly, choose AdministratorAccess from the list of policies, and then choose Next: Tags.
  7. (Optional) On the Add tags page, enter values for Key and Value.
  8. Choose Next: Review.
  9. Review the details of your new IAM user, and then choose Create user.

After you complete these steps, verify the necessary details, and then remove the member account from the organization.
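
The steps above leave an IAM user with AdministratorAccess and a non-expiring console password in the member account, so it helps to confirm from CloudTrail which users were created through OrganizationAccountAccessRole and still exist. The following is an added example, not part of the AWS article: the sample records are constructed, and the helper names (`_ev`, `audit_recovery_users`) are hypothetical. It assumes you have exported the member account's CloudTrail IAM events as JSON records.

```python
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
ROLE_MARKER = ":assumed-role/OrganizationAccountAccessRole/"

def _ev(time, name, actor, **params):
    # Hypothetical helper: builds a constructed record holding only the
    # CloudTrail fields that the audit below reads.
    return {"eventTime": time, "eventSource": "iam.amazonaws.com",
            "eventName": name, "recipientAccountId": "111122223333",
            "userIdentity": {"arn": actor}, "requestParameters": params}

ROLE = "arn:aws:sts::111122223333:assumed-role/OrganizationAccountAccessRole/recovery"
LOCAL = "arn:aws:iam::111122223333:user/alice"
SAMPLE_EVENTS = [  # constructed sample data, not real log output
    _ev("2024-05-01T10:00:00Z", "CreateUser", ROLE, userName="recovery-admin"),
    _ev("2024-05-01T10:00:05Z", "CreateLoginProfile", ROLE,
        userName="recovery-admin", passwordResetRequired=False),
    _ev("2024-05-01T10:00:09Z", "AttachUserPolicy", ROLE,
        userName="recovery-admin", policyArn=ADMIN_POLICY_ARN),
    _ev("2024-05-01T10:05:00Z", "CreateUser", ROLE, userName="temp-check"),
    _ev("2024-05-01T10:30:00Z", "DeleteUser", ROLE, userName="temp-check"),
    _ev("2024-05-02T09:00:00Z", "CreateUser", LOCAL, userName="build-bot"),
]

def audit_recovery_users(events):
    """Return {userName: [issues]} for users that were created in a session
    of OrganizationAccountAccessRole and have not been deleted since."""
    tracked = {}
    # ISO 8601 UTC timestamps sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventSource") != "iam.amazonaws.com":
            continue
        params = ev.get("requestParameters") or {}
        user, name = params.get("userName"), ev["eventName"]
        actor = ev.get("userIdentity", {}).get("arn", "")
        if name == "CreateUser" and ROLE_MARKER in actor:
            tracked[user] = []
        elif user not in tracked:
            continue  # user was not created through the access role
        elif name == "DeleteUser":
            del tracked[user]
        elif name == "CreateLoginProfile" and params.get("passwordResetRequired") is False:
            tracked[user].append("console password without forced reset")
        elif name == "AttachUserPolicy" and params.get("policyArn") == ADMIN_POLICY_ARN:
            tracked[user].append("AdministratorAccess attached")
    return tracked

if __name__ == "__main__":
    for user, issues in audit_recovery_users(SAMPLE_EVENTS).items():
        print(user, "->", "; ".join(issues) or "no privileged changes seen")
```

Any user the function returns is a candidate for deletion or credential rotation once the account is running as a standalone account.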

Note: If you want to close a member account and make sure that additional charges aren't incurred, open the AWS Organizations console. Then, follow the instructions at Closing an AWS account. You can also close the account by signing in as the root user of your member account.


Related information

Accessing and administering the member accounts in your organization

How do I remove a member account from an organization's consolidated bill in AWS Organizations?

AWS OFFICIAL
Updated a year ago
2 Comments

If the member account is created via AWS Organizations and has a dummy email, you cannot delete the account from the console, because you need to be root to manage the account. In this case:

  1. Either from console or CLI: Switch role and go into the member account and make sure all resources are deleted, or OK to be deleted.
  2. Go back to the management account and close the member account via CLI: aws organizations close-account --account-id 123456789012
  3. Verify the result, either from CLI or from Organizations console. The member account must have gone into "Suspended" state.

Hint: aws organizations close-account seems to have been added recently. Make sure your AWS CLI is up to date.

replied 4 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 4 months ago