AWS Account Closure Limit Exceeded – ConstraintViolationException Error
ConstraintViolationException – You have exceeded the close account quota for the past 30 days.
Did you know that there is a close account quota in AWS? No, me neither. But I stumbled upon this error when I was closing lots of old accounts. We had migrated loads of accounts to a new AWS Organization, and as part of the tidying up, I was asked to close lots of accounts. That’s when I hit this annoying error.
The good news is the fix is easy, provided you have access to the root account on your AWS account.
This is what AWS Support had to say:
TLDR: Do not remove the account in AWS organizations, instead delete the account using the root account (the one you created the account with)
What You Need to Know Before Closing Your Account
Here are some important things to know before trying to close any AWS account.
- Closing your account will terminate the AWS Customer Agreement for this account.
- Back up any resources or data you want to keep, as they will be deleted upon permanent closure.
- You can reopen your account within 90 days (the post-closure period).
- You remain responsible for all outstanding fees and charges.
- You will no longer be able to access AWS services after closure, except to view past billing information or contact AWS Support during the post-closure period.
- You can’t use the same email address for another AWS account after closure.
- If you’ve enabled MFA, it’s not removed automatically; consider deactivating MFA devices before closure if you want to reuse them.
- For member accounts, the account isn’t removed from the organization until after the post-closure period and you can only close 10% of member accounts within a rolling 30-day period.
- For AWS Marketplace subscriptions, terminate all instances of your software and cancel your subscriptions before closing the account.
- AWS CloudTrail trails continue to exist even after account closure. Consider deleting trails before closing the account.
How to Close Your AWS Account
This procedure explains how to close your account, this is only relevant if you have hit your deletion limit in AWS Organizations. You must have access to the AWS root account credentials, or at least the root email address so you can reset your password. If you use a secure key fob for access, you will need this to hand as well.
Step 1 – Sign Into Your AWS Account
Sign in to the account you want to close. You don’t need to worry about setting the region.
- Open your web browser and go to the AWS Management Console.
- Enter your root user credentials and sign in.
Step 2 – Navigate to Your Account
Now navigate to the account closure page in the console. Please note that this step cannot be done via an API call.
- Look at the top right corner of the console. You’ll see your account name or number.
- Click on your account name or number.
- From the dropdown menu, select “Account”.
Step 3 – Initiate Closure
- On the Account page, you will see a button labeled “Close account”. Click on it.
- A dialog box will appear. It will display your account ID and ask you to type it in to confirm you understand the account closure process.
- Type in your account ID.
- Once you’ve typed in your account ID, the “Close account” button in the dialog box will become active. Click on it.
Your account is now closed!
Step 4 – Receive Confirmation
- Within a few minutes, check your email. You should have received an email from AWS confirming that your account closure process has begun.
Important: Remember that closing your AWS account is a permanent action. Make sure you have backed up any important data and understand the implications before proceeding. If you have any questions or concerns, reach out to AWS Support for assistance.
What to Expect After You Close Your Account
Make sure you move your accounts in AWS Organizations to the suspended OU. This will remove them from your SSO login pages,
- You will receive an email confirming the closure.
- Any member account you close will display a “SUSPENDED” label.
- Access requests from other accounts should fail.
- You can reopen your account within the 90-day post-closure period.
- After the post-closure period, AWS permanently closes your account and deletes all content and resources.
Reopening Your AWS Account
In the unlikely event, you need to get back into the account, you must get in touch with AWS Support. After 90 days? The account is gone completely, you can’t get the data back. Never Ever, impossible!!!!!!
- Contact AWS Support as soon as possible.
- Full payment of any outstanding balance must be received within 60 days from the date of account closure.
Important Considerations
- Account Dependencies: Ensure no dependencies or resources in other AWS services prevent closure.
- AWS Organizations Quotas: Review the quotas to understand any limitations.
- Permanent Closure: Closing an AWS account is permanent after the post-closure period.
- Troubleshooting: If you experience any issues, refer to the AWS documentation on troubleshooting account closure.
Recent Comments