You must delete all Resource Access Management (RAM) resources before you close an Alibaba Cloud account. If any RAM resources remain, the account closure fails.
Verified accounts
If your Alibaba Cloud account has passed real-name verification, use the RAM console or RAM API to delete the following resources in order:
Delete all RAM users.
For more information, see Deactivate and delete a RAM user.
Delete all RAM user groups.
For more information, see Delete a group.
Delete all RAM roles.
For more information, see Delete a RAM role.
Delete all custom policies.
For more information, see Delete a custom policy.
Delete all OAuth applications, including enterprise applications and third-party applications.
For more information, see Delete an application.
Delete all identity providers (IdPs).
For more information, see Delete a SAML IdP.
Delete all virtual MFA devices.
When you delete a RAM user, the virtual MFA device bound to the user is automatically deleted. However, orphaned virtual MFA devices may exist if:
A binding operation failed, which left an unbound virtual MFA device.
You called the CreateVirtualMFADevice operation but did not bind the device to a RAM user.
To delete orphaned devices, call the ListVirtualMFADevices operation to query all virtual MFA devices, and then call the DeleteVirtualMFADevice operation to delete them.
Reset the default logon suffix.
Find your account ID.
Log on to the Alibaba Cloud Management Console. Click your profile picture in the upper-right corner, and then click Security Settings. On the Security Settings page, note the account ID.
Change the default logon suffix to the account ID.
For more information, see RAM user logon suffixes.
Unverified accounts
If your Alibaba Cloud account has not passed real-name verification, you cannot access the RAM console. However, other Alibaba Cloud services may have created service-linked roles under your account. Use Cloud Shell or the Alibaba Cloud CLI to delete these roles.
The following example uses Cloud Shell. To open Cloud Shell, log on to the Alibaba Cloud Management Console and click the Cloud Shell icon (>_) in the top navigation bar.
Query all RAM roles:
aliyun ram ListRoles
Identify service-linked roles. For more information, see Service-linked roles.
Role names that start with AliyunServiceRoleFor are service-linked roles.
Delete the roles.
To delete a service-linked role:
Run the following command:
aliyun resourcemanager DeleteServiceLinkedRole --force --RoleName $role_name
Replace $role_name with the actual role name.
Verify the deletion:
aliyun resourcemanager GetServiceLinkedRoleDeletionStatus --DeletionTaskId $task_id
Replace $task_id with the DeletionTaskId returned in the previous step. If Status is SUCCEEDED, the role is deleted.
To delete a standard RAM role, run the following command:
aliyun ram DeleteRole --force --RoleName $role_name --CascadingDelete true
Replace $role_name with the actual role name. The --CascadingDelete true flag automatically detaches all policies before deleting the role.
Verify that all roles are deleted:
aliyun ram ListRoles
If no roles are returned, you can proceed to close your Alibaba Cloud account.
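The role cleanup above as a dry run, added here as an example (not Alibaba Cloud's own script): it reads the JSON printed by aliyun ram ListRoles and prints the matching delete command for each role, so the plan can be reviewed before anything is removed. The sample response, its role names, and the Roles.Role and IsTruncated field layout are constructed assumptions.

```shell
# Added example: turn `aliyun ram ListRoles` output into a reviewable deletion plan.
# It prints commands only; nothing is deleted until you run the printed lines.

# Constructed sample response (role names and IDs are made up for illustration).
SAMPLE_LIST_ROLES='{
  "IsTruncated": false,
  "Roles": {"Role": [
    {"RoleName": "AliyunServiceRoleForExampleService", "RoleId": "300000000000000001"},
    {"RoleName": "example-app-role", "RoleId": "300000000000000002"},
    {"RoleName": "AliyunServiceRoleForAnotherExample", "RoleId": "300000000000000003"}
  ]}
}'

# role_names: read ListRoles JSON on stdin, print one RoleName per line.
role_names() {
  grep -o '"RoleName"[[:space:]]*:[[:space:]]*"[^"]*"' |
    sed -e 's/^"RoleName"[[:space:]]*:[[:space:]]*"//' -e 's/"$//'
}

# plan_role_deletion: read ListRoles JSON on stdin, print one delete command per role.
plan_role_deletion() {
  json=$(cat)
  # A truncated listing means some roles were not seen, so the plan is incomplete.
  if printf '%s\n' "$json" | grep -q '"IsTruncated"[[:space:]]*:[[:space:]]*true'; then
    echo "# WARNING: listing is truncated; query the remaining roles before closing the account"
  fi
  printf '%s\n' "$json" | role_names | while IFS= read -r name; do
    case "$name" in
      AliyunServiceRoleFor*)
        # Service-linked role: deletion returns a DeletionTaskId to check afterwards.
        echo "aliyun resourcemanager DeleteServiceLinkedRole --force --RoleName $name" ;;
      *)
        # Standard RAM role: cascading delete detaches its policies first.
        echo "aliyun ram DeleteRole --force --RoleName $name --CascadingDelete true" ;;
    esac
  done
}

# Offline demo on the constructed sample.
printf '%s\n' "$SAMPLE_LIST_ROLES" | plan_role_deletion
```

In Cloud Shell, pipe the live listing instead of the sample: aliyun ram ListRoles | plan_role_deletion.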