Disabling resource sharing with Amazon Organizations - Amazon Resource Access Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Disabling resource sharing with Amazon Organizations

If you previously enabled sharing with Amazon Organizations and you no longer need to share resources with your entire organization or organizational units (OUs), you can disable sharing. When you disable sharing with Amazon Organizations, all organizations or OUs are removed from the resource shares that you have created and they lose access to the shared resources. External accounts (accounts added to the resource share via invitation) will not be impacted, and will continue to be associated with the resource share.

To disable sharing with Amazon Organizations

  1. Disable trusted access to Amazon Organizations using the Amazon Organizations disable-aws-service-access Amazon CLI command.

    $  aws organizations disable-aws-service-access --service-principal ram.amazonaws.com
    Important

    When you disable trusted access to Amazon Organizations, principals within your organizations are removed from all resource shares and lose access to those shared resources.

  2. Use the IAM console, the Amazon CLI, or the IAM API operations to delete the AWSServiceRoleForResourceAccessManager service-linked role. For more information, see Deleting a service-linked role in the IAM User Guide.