Phase 1 โ Pre-Closure Assessment & Planning
Goal: Confirm business need, identify cost and compliance impact before touching resources.
1. Inventory & Cost Review
- Generate a complete cross-region inventory with:
- AWS Resource Explorer
aws resourcegroupstaggingapi get-resources- AWS Config and Trusted Advisor
- Review Cost Explorer โ Last 3 months for anomalies.
- List active Reserved Instances (RIs), Savings Plans, and Marketplace subscriptions.
- Note any active Direct Connect, Dedicated Hosts, or Elastic IPs (common hidden cost centers).
2. Stakeholder & Compliance Approval
- Confirm with application, finance, and compliance owners that the account can be retired.
- Document decision in your Org change log / Confluence / ticket.
- Capture last backup requirement or legal retention if any.
Phase 2 โ Resource Cleanup (Recommended for Zero Residual Cost)
While AWS allows closure without cleanup, costs persist until resources are deleted or RIs expire.
Clean up to prevent hidden post-closure billing.
๐น Critical Items
| Category | Action |
|---|---|
| AWS Marketplace | Cancel every subscription in [Marketplace โ Manage Subscriptions]. Terminate instances that used marketplace AMIs. |
| Reserved Instances & Savings Plans | These continue billing until expiry. Attempt transfer to another Org account via Support. |
| Data Backups | Export or snapshot any S3, RDS, EBS, ECR data you need. Then delete storage to stop meter accrual. |
| Direct Connect & Dedicated Resources | Explicitly delete DX connections, private virtual interfaces, and dedicated hosts to stop port-hour charges. |
| Other Persistent Costs | Release Elastic IPs, delete NAT Gateways (โ $0.045/hr + data), and disable CloudWatch Logs retention if unneeded. |
Phase 3 โ Account Closure Execution
You, as the Management Account Admin, can close member accounts in two AWS-supported ways:
Option 1 โ Console
- Sign in as Management Account โ AWS Organizations
- Choose the target member account
- Click Close account โ Confirm
Option 2 โ CLI (CloudShell)
aws organizations close-account --account-id <member-account-id>
Code language: HTML, XML (xml)AWS automatically:
- Revokes IAM access for that member
- Marks it CLOSED in Organizations
- Freezes new resource creation
Phase 4 โ Post-Closure Monitoring
Billing
- You remain liable for all usage until the closure timestamp.
- Final bill arrives the following month.
- RIs/SPs continue billing until expiry.
- Account remains visible as โCLOSEDโ for 90 days.
Recovery
- Within 90 days โ Contact AWS Support โ Reopen.
- After 90 days โ Permanent deletion (no recovery).
Phase 5 โ Organization-Level Governance & Prevention
| Control | Purpose |
|---|---|
| Service Control Policies (SCPs) | Block creation of cost-bearing resources in deprecated accounts or regions. |
| Budgets & Cost Anomaly Detection | Catch stray spend early. |
| AWS Config & CloudTrail (Org scope) | Track configuration and deletion compliance. |
| Automated Cleanup Scripts | Implement Lambda or Step Functions that auto-delete idle EBS, S3, EIPs. |
| Lifecycle OU Structure | Maintain โActiveโ, โSandboxโ, and โDecommissionedโ OUs for clear separation. |
Recommended Timeline
| Week | Tasks |
|---|---|
| Immediate | Audit account, identify Marketplace subs & DirectConnect links. |
| Week 1 | Back up critical data, cancel Marketplace subs. |
| Week 2 | Delete resources / release IPs / terminate NAT Gateways. |
| Week 3 | Verify zero usage โ Close account via Organizations. |
| Month After | Review final bill & ensure no unexpected charges. |
Common Hidden Costs to Double-Check
โ
NAT Gateways
โ
Elastic IPs (allocated but unused)
โ
CloudWatch Logs retention
โ
EBS Snapshots
โ
Direct Connect ports
โ
Active Savings Plans / RIs
โ
Marketplace licensing
โ
PrivateLink endpoints
Official AWS References
- Close an AWS Account โ AWS Account Management Docs
- Closing a Member Account in AWS Organizations
- Streamlining AWS Organizations Cleanup Strategies โ AWS Cloud Ops Blog
- AWS re:Post โ Decommissioning an Organization Account
Final Action Plan (Summary)
- Audit & Backup โ Inventory, cancel Marketplace subs, note RIs/SPs.
- Clean Up Resources โ Terminate compute, delete storage, remove DX links.
- Verify Zero Spend โ Check Cost Explorer & Budgets.
- Close Account via Organizations (console or CLI).
- Monitor Final Bill & ensure RIs/SPs handled.
- Apply Org-level SCPs & budgets to avoid future waste.
Iโm a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services โ all in one place.
Explore Hospitals
Really appreciated this rundown โ AWS account cleanup is one of those things thatโs easy to skip, but you explained it in a super clear, no-stress way. The step-by-step flow made everything feel much more doable. Great guide.