I'm currently assisting a client whose website was developed by a team they're currently in a legal dispute with. Because of this, a friendly handover isn't an option. One of the tasks I need to complete is revoking access for the developers from AWS. While my client owns the root account of their organization, the problematic developer has control over a sub-account within the organization. My goal is to remove this sub-account, but AWS requires a payment method for it, which the developer is unlikely to provide. I considered shutting down the entire root account in hopes that it would also eliminate the sub-account, but I'm wondering if I have other alternatives. Any suggestions on how to handle this situation?
1 Answer
One option you can take is to create a new Organizational Unit (OU), move that sub-account into it, and apply a "deny all" Service Control Policy (SCP) to that OU. This will effectively halt any new activities and block user access to the problem account while you sort out the legal and billing issues.
So, this would basically disable the account, but it would remain in existence, right?
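
The steps from the answer above, as an added AWS CLI example (not part of the original answer). It assumes management-account credentials; the OU name `Quarantine`, the policy name `QuarantineDenyAll` and the account id in the usage line are placeholders.

```shell
#!/bin/sh
# Added example: quarantine a member account behind a deny-all SCP.
# Run with management-account credentials. Names below are placeholders.
set -eu

# Deny-all SCP document. An explicit Deny overrides the default FullAWSAccess
# policy and also binds the member account's root user. It blocks API calls;
# it does not stop resources that are already running.
deny_all_scp() {
  cat <<'JSON'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "QuarantineDenyAll", "Effect": "Deny", "Action": "*", "Resource": "*" }
  ]
}
JSON
}

# Body runs in a subshell so its variables stay local.
quarantine_account() (
  account_id="$1"
  root_id=$(aws organizations list-roots --query 'Roots[0].Id' --output text)
  # SCPs must be enabled on the root; ignore the error if they already are.
  aws organizations enable-policy-type --root-id "$root_id" \
    --policy-type SERVICE_CONTROL_POLICY >/dev/null 2>&1 || true
  ou_id=$(aws organizations create-organizational-unit --parent-id "$root_id" \
    --name "Quarantine" --query 'OrganizationalUnit.Id' --output text)
  policy_id=$(aws organizations create-policy --name "QuarantineDenyAll" \
    --description "Deny all actions in quarantined accounts" \
    --type SERVICE_CONTROL_POLICY --content "$(deny_all_scp)" \
    --query 'Policy.PolicySummary.Id' --output text)
  # Attach the policy before moving the account so there is no gap.
  aws organizations attach-policy --policy-id "$policy_id" --target-id "$ou_id"
  source_parent=$(aws organizations list-parents --child-id "$account_id" \
    --query 'Parents[0].Id' --output text)
  aws organizations move-account --account-id "$account_id" \
    --source-parent-id "$source_parent" --destination-parent-id "$ou_id"
  # Verify: list the SCPs now attached to the quarantine OU.
  aws organizations list-policies-for-target --target-id "$ou_id" \
    --filter SERVICE_CONTROL_POLICY --query 'Policies[].Name' --output text
)

# Usage: sh quarantine.sh apply 111122223333   (constructed account id)
if [ "${1:-}" = "apply" ]; then quarantine_account "$2"; fi
```

The policy is attached to the OU before the account is moved, so the deny takes effect the moment the move completes.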