Revoking Aimably's AWS Access

Aimably Documentation > Data Integrations > Revoking Aimably's AWS Access

When integrating with your AWS Organization, a Stack is initially implemented in your managing account. Then, Aimably uses that Stack to both automatically generate a Role for itself to gain access to your organization and to automatically generate a StackSet and its corresponding StackSet instances to establish a trusted access connection to member accounts. To revoke Aimably's access, all Roles, StackSet instances, StackSets and Stacks must be removed.

Aimably uses roles with limited permission sets to work with your AWS account(s) and organization(s). Only IAM users with advanced permissions in AWS accounts can add or remove these roles. Therefore, revoking Aimably's access to your AWS organization must be performed in your AWS Management Console.

Remove Aimably's Role-Based Access to Organization

Aimably's access is granted via a custom IAM role that is prefixed with the name 'Aimably-IAM-Role.' To revoke access, start by signing in to the managing account's AWS Management Console with a user possessing sufficient permissions to create IAM StackSets, roles, and policies in that account.'

Next, in the search bar at the top of the page type 'IAM' and select the first option in the Features search results to launch the IAM manager.

Next, select 'Roles' from the left side menu in the IAM manager.

Then, find the Aimably-IAM-Role in the list of permitted roles. Check the box next to the role name and click Delete.

Congratulations! Basic Aimably access to your AWS organization has been revoked. No future data can be synced with Aimably.

Remove Aimably's StackSet-Based Access to Member Accounts

Start by typing 'StackSets' into the search bar at the top of the page and select the first option in the Features search results to launch the StackSets manager, or clicking this link: https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacksets

Next, find the Aimably StackSet and click on the name.

Using the Actions button in the top right of the screen, click Delete Stacks. 

Enter the parent OU identifier into the deletion dialog, then select Next, then Submit.

If you do not have this value easily available, please follow the instructions below to source it:

1. Opening the following link in a new tab: https://us-east-1.console.aws.amazon.com/organizations/v2/home/accounts

2. Find the ID listed right under the Root name.

Use the Refresh button until the Delete has succeeded. This process can take some time.

Once all Stack Instances are deleted, use the Actions button to delete the StackSet entirely.

Congratulations! StackSet Access between your managing and member accounts has been removed.

Remove Aimably's Ability to Grant Itself Role-Based Access

From the left-hand navigation in the CloudFormation screen, click on Stacks.

Search the Stacks for “Aimably” to find your Stack.

Click on the Stack to open it.

Click on the blue outlined Delete button on the upper right corner.

When presented with the confirmation screen, click Delete.

Use the Refresh button to monitor the Delete progress.

It will disappear once deleted.

Congratulations! Aimably's ability to generate access into your AWS Organization has been removed.