Disqualifying changes to an administrator account
Some changes to an administrator account can disqualify it from remaining an administrator account.
This section describes the changes that can disqualify the an administrator account, and how Amazon and Firewall Manager handle these changes.
Account removed from the organization in Amazon Organizations
If the Amazon Firewall Manager administrator account is removed from the organization in Amazon Organizations, it can no longer administer policies for the organization. Firewall Manager takes one of the following actions:
Account with no policies – If the Firewall Manager administrator account has no Firewall Manager policies, Firewall Manager revokes the administrator account.
Account with Firewall Manager policies – If the Firewall Manager administrator account has Firewall Manager policies, Firewall Manager sends an email to inform you of the situation and to provide options that you can take, with the help of your Amazon sales account representative.
Account closed
If you close the account that you're using for the Amazon Firewall Manager administrator, Amazon and Firewall Manager handle the closure as follows:
Amazon revokes the account’s administrator access from Firewall Manager and Firewall Manager deactivates any policies that were managed by the administrator account. The protections that were provided by those policies are stopped across the organization.
Amazon retains the Firewall Manager policy data for the account for 90 days from the effective date of the administrator account closure. During this 90-day period, you can reopen the closed account.
If you reopen the closed account during the 90-day period, Amazon reassigns the account as the Firewall Manager administrator and recovers the Firewall Manager policy data for the account.
Otherwise, at the end of the 90-day period, Amazon permanently deletes all Firewall Manager policy data for the account.