
How do I remove a member account from an organization in AWS Organizations when I can't sign in to the member account?


I want to remove a member account from my organization, but I can't sign in to the member account.

Short Description

To remove a member account from your organization, you must sign in to the member account. Additionally, the member account must have the AWS Identity and Access Management (IAM) role OrganizationAccountAccessRole before it can be removed.

Once removed from your organization, the member account becomes a standalone account.

Resolution

To gain access to a member account in an organization, take one of the following actions:

If the previous steps don't work, use the IAM console to assume an administrator's role for the account.

Verify that the member account has the OrganizationAccountAccessRole permissions

The member account needs the IAM OrganizationAccountAccessRole with administrative permissions.

If you created the member account with the AWS Organizations Console, then AWS Organizations automatically grants the IAM role OrganizationAccountAccessRole with administrative permissions to the management account.

If the account was invited to the organization, then the IAM role OrganizationAccountAccessRole wasn't automatically created. To create the AWS Organizations administrative role for an invited member account, see Creating OrganizationAccountAccessRole for an invited account with AWS Organizations.

Assume the administrator's IAM role

First, add permissions to assume an administrator's IAM role for the member account. For more information, see Accessing member accounts in an organization with AWS Organizations.

Then, switch from a user to an IAM role with the AWS console. After you assume the OrganizationAccountAccessRole for the member account, complete the following steps:

  1. Open the IAM console.
  2. Choose Users in the navigation pane, and then choose Add user.
  3. Enter a username, and then select AWS Management Console access.
  4. Select Custom password, and then enter a password.
  5. Clear Require password reset.
  6. Choose Next: Permissions.
  7. Choose Attach existing policies directly, and then choose AdministratorAccess from the list of policies.
  8. Choose Next: Tags.
  9. (Optional) On the Add tags page, enter the values for Key and Value.
  10. Choose Next: Review.
  11. Review the details of your new IAM user, and then choose Create user.

Verify the account details, and then remove the member account from the organization.
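The two checks above (the role exists and carries administrative permissions, and you can assume it) and the final removal can also be done from the AWS CLI. The following script is an added example and not code from the AWS article: run it with credentials of the management account. It assumes the member account ID is passed as the first argument (123456789012 is a placeholder), that the role is named OrganizationAccountAccessRole as the article states, and that the AWS CLI is installed and configured. It only verifies unless --leave is given.

```shell
#!/usr/bin/env bash
# Added example (not from the AWS article). CLI equivalent of the console
# procedure: assume OrganizationAccountAccessRole in the member account,
# confirm the role is administrative, then optionally leave the organization.
# Assumptions: $1 is the member account ID (123456789012 is a placeholder),
# the role name is the one the article gives, and AWS CLI v2 is installed.
set -eu

ROLE_NAME="OrganizationAccountAccessRole"
ADMIN_POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"

# ARN of the administrative role inside the member account.
role_arn() {
  printf 'arn:aws:iam::%s:role/%s\n' "$1" "$ROLE_NAME"
}

# Assume the role from the management account and export the temporary
# credentials into this shell, so every later aws call runs as the member.
# --query/--output text prints the three values tab-separated (no jq needed).
assume_member_role() {
  creds=$(aws sts assume-role \
            --role-arn "$(role_arn "$1")" \
            --role-session-name "org-member-removal" \
            --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
            --output text)
  tab=$(printf '\t')
  IFS="$tab" read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<EOF
$creds
EOF
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# Check 1: the caller is now inside the expected member account.
caller_account() {
  aws sts get-caller-identity --query Account --output text
}

# Check 2: the role actually has AdministratorAccess attached, which the
# article requires before the account can be removed. Returns 0 when found.
role_has_admin_access() {
  aws iam list-attached-role-policies --role-name "$ROLE_NAME" \
      --query 'AttachedPolicies[].PolicyArn' --output text \
    | tr '\t' '\n' | grep -qx "$ADMIN_POLICY_ARN"
}

# Full flow. Refuses to continue if either check fails; calls
# leave-organization only when the second argument is --leave.
remove_member() {
  account_id="$1"; mode="${2:-dry-run}"
  assume_member_role "$account_id"
  actual=$(caller_account)
  if [ "$actual" != "$account_id" ]; then
    echo "refusing: assumed role landed in account $actual, not $account_id" >&2
    return 1
  fi
  if ! role_has_admin_access; then
    echo "refusing: $ROLE_NAME in $account_id lacks $ADMIN_POLICY_ARN" >&2
    return 1
  fi
  if [ "$mode" = "--leave" ]; then
    # Runs as the member account; afterwards it is a standalone account.
    aws organizations leave-organization
    echo "left organization: $account_id"
  else
    echo "verified: $account_id can be removed (rerun with --leave to do it)"
  fi
}

# Stand-alone use: ./remove-member.sh 123456789012 [--leave]
if [ "$#" -ge 1 ]; then
  remove_member "$@"
fi
```

The identity check matters because assume-role succeeds against whatever account the ARN names; comparing get-caller-identity's Account with the ID you intended to remove guards against a typo removing the wrong member. An account that was invited rather than created will usually fail the second check until the role is created as described above.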

Note: If you want to close a member account and make sure that additional charges aren't incurred, open the AWS Organizations console. Then, close a member account in an organization with AWS Organizations. You can also close the account by signing in as the root user of your member account. For more information, see AWS security credentials.

Related information

How do I remove a member account from an organization?

AWS OFFICIAL. Updated 6 months ago
2 Comments

If the member account is created via AWS Organizations and has a dummy email, you cannot delete the account from the console, because you need to be root to manage the account. In this case:

  1. Either from console or CLI: Switch role and go into the member account and make sure all resources are deleted, or OK to be deleted.
  2. Go back to the management account and close the member account via CLI: aws organizations close-account --account-id 123456789012
  3. Verify the result, either from CLI or from Organizations console. The member account must have gone into "Suspended" state.

Hint: aws organizations close-account seems to have been added recently. Make sure your AWS CLI is up to date.

replied 2 years ago
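The close-and-verify steps in the comment above, scripted as an added example that is not part of the original comment or article. It runs from the management account, assumes the AWS CLI is installed, uses 123456789012 as a placeholder account ID, and polls describe-account until the status the commenter describes (SUSPENDED) appears or the attempt limit is reached.

```shell
#!/usr/bin/env bash
# Added example (not from the article or the comment). Close a member
# account from the management account and confirm it reaches SUSPENDED.
# Assumptions: $1 is the member account ID (123456789012 is a placeholder);
# $2 and $3 optionally override the poll count and delay.
set -eu

# Current status of a member account as seen from the management account.
account_status() {
  aws organizations describe-account --account-id "$1" \
      --query 'Account.Status' --output text
}

# Issue close-account, then poll until the status is SUSPENDED.
# Returns 0 on SUSPENDED, 1 if the attempt limit is exhausted first.
close_and_verify() {
  account_id="$1"; attempts="${2:-10}"; delay="${3:-6}"
  aws organizations close-account --account-id "$account_id"
  i=0
  while [ "$i" -lt "$attempts" ]; do
    status=$(account_status "$account_id")
    if [ "$status" = "SUSPENDED" ]; then
      echo "closed: $account_id is $status"
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  echo "timeout: $account_id still $status after $attempts checks" >&2
  return 1
}

# Stand-alone use: ./close-member.sh 123456789012
if [ "$#" -ge 1 ]; then
  close_and_verify "$@"
fi
```

Closing is asynchronous, so the status check is the only confirmation that the request took effect; treat a status other than SUSPENDED after the poll as a reason to look at the management account's CloudTrail entries for the CloseAccount call rather than re-issuing it blindly.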

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS EXPERT
replied 2 years ago