If I delete my main root account, will it also delete member accounts that I have in AWS Organizations?


I just wanted to do the AWS Control Tower lab and it has turned out to be a big mess while trying to clean up afterwards. At this point I just want to close my account, but I am unsure of what happens with the member accounts that I have created.

I have stopped all services that could be stopped for each of the member accounts. I have also deleted resources for each with the exception of some CloudFormation StackSets, OUs, and the member accounts themselves that I can't delete for one reason or another. I have done this for each account via each account's VPC page (to see all services) and then the Resources Tag Editor search for active resources.

I did try to unmanage the accounts and I have provided payment information for each. But I still can't remove them from the Org because the phone number is not yet verified for each account. For this I have contacted support, but again I really just want to forget this nightmare :D

If I delete my main root account that was used to create the Landing Zone, will it also remove the Log Archive, Audit, and the management account that were created during the lab? https://catalog.workshops.aws/control-tower/en-US

Thank you for the assistance...

asked 7 months ago, 371 views
2 Answers

Hello, James81

The management account cannot be deleted if there are active member accounts. Even if you delete the management account, the member accounts are not deleted. The member account becomes a standalone account, not managed by Organizations (and SCPs).

It is recommended to back up and delete the resources in advance in case of any possible billing.

However, the most recommended approach is to clean up the organization with the following steps:

1) unmanage / close the member accounts > 2) delete the management account from the organization > 3) delete the organization

You can also refer to the links below:

[+] Unmanage account (AWS Documentation)
[+] Close account (AWS Documentation)
[+] Closing an AWS account in AWS Control Tower (YouTube)

If I have missed anything or answered wrong, please feel free to ask me again. Also, if you have any questions, please comment!

answered 7 months ago
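
Step 1 of the cleanup order in the answer above, as an added example that is not part of the original answer and is not AWS's own code: it reads the JSON printed by `aws organizations list-accounts`, finds the member accounts that are still `ACTIVE`, and prints the `aws organizations close-account` command for each. The function name `member_cleanup_plan` is hypothetical, the account list is constructed sample data, and the management account ID is assumed to come from `aws organizations describe-organization` (field `MasterAccountId`).

```python
import json

# Constructed sample in the shape of `aws organizations list-accounts` output.
# IDs and names are placeholders, not values taken from the post.
SAMPLE_LIST_ACCOUNTS = json.dumps({
    "Accounts": [
        {"Id": "111111111111", "Name": "Management", "Status": "ACTIVE"},
        {"Id": "222222222222", "Name": "Log Archive", "Status": "ACTIVE"},
        {"Id": "333333333333", "Name": "Audit", "Status": "SUSPENDED"},
        {"Id": "444444444444", "Name": "Sandbox", "Status": "PENDING_CLOSURE"},
    ]
})


def member_cleanup_plan(list_accounts_json, management_account_id):
    """Return (blocking, commands) for the member accounts still ACTIVE.

    blocking: member account records that still need to be closed.
    commands: one close-account CLI command per blocking account, to be
              run with management-account credentials.
    """
    accounts = json.loads(list_accounts_json)["Accounts"]
    if management_account_id not in {a["Id"] for a in accounts}:
        # Refuse to guess: a wrong ID would put the management account
        # itself on the close list.
        raise ValueError("management account id not found in account list")

    blocking, commands = [], []
    for acct in accounts:
        if acct["Id"] == management_account_id:
            continue  # the management account is handled last, never here
        if acct["Status"] != "ACTIVE":
            continue  # SUSPENDED / PENDING_CLOSURE: closure already requested
        blocking.append(acct)
        commands.append(
            f"aws organizations close-account --account-id {acct['Id']}"
        )
    return blocking, commands


if __name__ == "__main__":
    blocking, commands = member_cleanup_plan(SAMPLE_LIST_ACCOUNTS, "111111111111")
    for acct in blocking:
        print(f"still active: {acct['Name']} ({acct['Id']})")
    for cmd in commands:
        print(cmd)
```

An empty command list means no active member accounts remain, which is the condition the answer gives for moving on to the management account and the organization itself.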

Thanks Seonju!

I think the order you have provided will be a big help. I have already removed Provisioned Products at least. Unfortunately I am still waiting to hear back from customer service. I have logged into each of the accounts and put in payment info. But if I pick an account other than the mgmt. account and then try to "Remove from organization" in AWS Organizations then I get the below error. I'll have to give it some time maybe and see what they say.

Log Archive (#149457700764): ConstraintViolationException
You cannot remove an account from the organization if the account owner has not completed phone pin verification.
answered 7 months ago