2 Answers
0
Hi there, the policy you have mentioned needs a correction.
Instead of
account:CloseAccount
use
organizations:CloseAccount
Then the policy will be as follows:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Deny",
      "Action": [
        "organizations:CloseAccount"
      ],
      "Resource": "*"
    }
  ]
}
Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html
answered a year ago
0
Hi,
Could you please confirm whether this is working with
"Resource": "*"
and if it is working, please make sure that the account ARNs you mentioned in the resource block are correct.
answered a year ago
Hi, I tested this policy with "Resource": "*" and also with "Resource": [ "arn:aws:organizations::44444444:account/o-/1234567", "arn:aws:organizations::44444444:account/o-/7890534" ]. I attached this policy to our admin group in the management account and in the member account as well. Still, I can see the close account button when I log in as an IAM user in my member account.
Thanks for your reply. However, I tried the above one as well as the below policy, but I can still click the close account button.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PreventCloseAccount",
      "Effect": "Deny",
      "Action": "organizations:CloseAccount",
      "Resource": [
        "arn:aws:organizations::44444444:account/o-/1234567",
        "arn:aws:organizations::44444444:account/o-/7890534"
      ]
    }
  ]
}