AWS Certified Solutions Architect - Professional 2020


What happens with vault locks when closing an AWS account?

I am curious what happens if an organization wants to close one of its OU’s AWS accounts and the account contains some Glacier archives with vault lock enabled?

Another scenario is: S3 objects with object lock in compliance retention mode.

Many people are pointing out that deleting those files is not possible. [1]

As far as I know, it is not possible to close an AWS account when there are active resources.

Does that mean that features such as Glacier vault locks delay account deletion requests significantly?

Is there a special procedure for this scenario, i.e. special authentication methods to confirm deletion?

References

[1] https://stackoverflow.com/questions/55405595/is-there-any-way-to-delete-s3-object-which-is-created-with-object-lock-complian

2 Answers

Hi Martin,

I was leaving this question open to see if anyone knew, but it seems like no one has experienced that scenario here. I would think that there would be a restriction on closing an account, or maybe it would take some AWS Support intervention to close it out. However, I can see a scenario where they just get deleted because the AWS Account is the top-level entity and there are all sorts of disclaimers about your data being deleted when you close an account.

–Scott

I have never seen any mention of this particular scenario. The AWS docs clearly state that after the 90-day "post-closure period" all content is deleted:

"After the Post-Closure Period, we permanently close your AWS account, and you can’t reopen it. Any content that you didn’t delete is deleted, and any AWS services that you didn’t terminate are terminated."
