Before you close an Alibaba Cloud account, you must delete all the Resource Access Management (RAM) resources of the Alibaba Cloud account. Otherwise, the Alibaba Cloud account cannot be closed.
- If your Alibaba Cloud account has passed real-name verification, you can use the RAM console or RAM API to delete the custom resources of the account. Perform the following operations:
- Delete all RAM users.
For more information, see Delete a RAM user.
- Delete all RAM user groups.
For more information, see Delete a RAM user group.
- Delete all RAM roles.
For more information, see Delete a RAM role.
- Delete all custom policies.
For more information, see Delete a custom policy.
- Delete all identity providers (IdPs).
For more information, see Delete a SAML IdP.
- Delete all virtual multi-factor authentication (MFA) devices.
In most cases, when a RAM user is deleted, the virtual MFA device that is bound to the RAM user is automatically deleted. However, a virtual MFA device cannot be deleted in the following cases:
- You attempted to bind a virtual MFA device to a RAM user but the binding operation failed. In this case, a virtual MFA device was generated but is not bound to a RAM user. A virtual MFA device can be bound to a RAM user by the RAM user itself or by a RAM user that has the administrative rights.
- You created a virtual MFA device by calling the CreateVirtualMFADevice operation but you did not bind it to a RAM user.
To resolve the issue, you can call the ListVirtualMFADevices operation to query all the virtual MFA devices of the current Alibaba Cloud account. Then, call the DeleteVirtualMFADevice operation to delete these virtual MFA devices.
- Change the default domain name.
- View your account ID.
Log on to the Alibaba Cloud Management Console. In the upper-right corner, move the pointer over the profile picture and click Security Settings. On the Security Settings page, view the account ID.
- Change the default domain name by using the account ID.
For more information, see View and modify the default domain name.
- View your account ID.
- Delete all RAM users.
- If your Alibaba Cloud account has not passed real-name verification, you cannot use
RAM. However, you may have created RAM roles to use other cloud services. In this
case, you can use the RAM API or a CLI to delete these roles.
Cloud Shell is used as an example to show how to delete RAM roles.
- Run the following command to query the RAM roles of the account:
aliyun ram ListRoles
- Check whether the RAM roles to be deleted are service-linked roles. For more information,
see Service-linked roles.
Roles that start with "AliyunServiceRoleFor" are service-linked roles.
- Deletes RAM roles.
- Perform the following steps to delete a service-linked role:
- Run the following command to delete the service-linked role:
aliyun resourcemanager DeleteServiceLinkedRole --secure --force --RoleName $role_name
Replace
$role_name
with the actual role name. - Run the following command to check whether the service-linked role is deleted:
aliyun resourcemanager GetServiceLinkedRoleDeletionStatus --DeletionTaskId $task_id
Replace
$task_id
withDeletionTaskId
that is returned in the previous step. If the returnedStatus
isSUCCEEDED
, the service-linked role is deleted.
- Run the following command to delete the service-linked role:
- Run the following command to delete a standard service role:
aliyun ram DeleteRole --secure --force --RoleName $role_name --CascadingDelete true
Replace
$role_name
with the actual role name.
- Perform the following steps to delete a service-linked role:
- Run the following command to check whether all the RAM roles of your account are deleted:
aliyun ram ListRoles
- Run the following command to query the RAM roles of the account: