Resource Access Management: What do I do if I cannot close my Alibaba Cloud account due to existing RAM resources?

Last Updated: Mar 06, 2026

You must delete all Resource Access Management (RAM) resources before you close an Alibaba Cloud account. If any RAM resources remain, the account closure fails.

Verified accounts

If your Alibaba Cloud account has passed identity verification, use the RAM console or RAM APIs to delete the following resources in order:

  1. Delete all RAM users.

  2. Delete all RAM user groups.

  3. Delete all RAM roles.

  4. Delete all custom policies.

  5. Delete all identity providers (IdPs).

  6. Delete all virtual MFA devices.

    When you delete a RAM user, the virtual MFA device bound to the user is automatically deleted. However, orphaned virtual MFA devices may exist if:

    • A binding operation failed, which left an unbound virtual MFA device.

    • You called the CreateVirtualMFADevice operation but did not bind the device to a RAM user.

    To delete orphaned devices, call the ListVirtualMFADevices operation to query all virtual MFA devices, and then call the DeleteVirtualMFADevice operation to delete them.

  7. Reset the default logon suffix.

    1. Find your account ID.

      Log on to the Alibaba Cloud Management Console. Click your profile picture in the upper-right corner, then click Security Settings. On the Account Center Overview page, note the account ID.

    2. Change the default logon suffix to the account ID.

      For more information, see Manage the logon suffixes of RAM users.

Unverified accounts

If your Alibaba Cloud account has not passed identity verification, you cannot access the RAM console. However, other Alibaba Cloud services may have created service-linked roles under your account. Call APIs or use the Alibaba Cloud CLI to delete these roles.

The following example uses Cloud Shell. To open Cloud Shell, log on to the Alibaba Cloud Management Console and click the Cloud Shell icon in the top navigation bar.

  1. Query all RAM roles:

    aliyun ram ListRoles

  2. Identify service-linked roles.

    Role names that start with AliyunServiceRoleFor are service-linked roles.

  3. Delete the roles.

    • To delete a service-linked role:

      1. Run the following command:

        aliyun resourcemanager DeleteServiceLinkedRole --secure --force --RoleName $role_name

        Replace $role_name with the actual RAM role name.

      2. Verify the deletion:

        aliyun resourcemanager GetServiceLinkedRoleDeletionStatus --DeletionTaskId $task_id

        Replace $task_id with the DeletionTaskId returned in the previous step. If Status is SUCCEEDED, the role is deleted.

    • To delete a standard RAM role, run the following command:

      aliyun ram DeleteRole --secure --force --RoleName $role_name --CascadingDelete true

      Replace $role_name with the actual RAM role name. The --CascadingDelete true flag automatically detaches all policies before deleting the role.

  4. Verify that all roles are deleted:

    aliyun ram ListRoles

    If no roles are returned, you can proceed to close your Alibaba Cloud account.
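
The role cleanup steps above as a dry-run helper, added here as an example and not part of the original documentation: it reads `aliyun ram ListRoles` JSON on stdin and prints, without running it, the delete command from this page that matches each role. The function names, the sample JSON, and the assumption that each role appears as a `"RoleName": "<name>"` field are this example's own.

```shell
#!/bin/sh
# Added example: dry-run planner for the role cleanup procedure.
# Assumption: ListRoles JSON carries each role name as "RoleName": "<name>".

# Print one role name per line from ListRoles JSON on stdin.
role_names() {
    grep -o '"RoleName"[[:space:]]*:[[:space:]]*"[^"]*"' |
        sed 's/.*:[[:space:]]*"\([^"]*\)"$/\1/'
}

# For each role, print the delete command that applies to it:
# names starting with AliyunServiceRoleFor are service-linked roles,
# everything else is a standard RAM role.
plan_role_deletions() {
    role_names | while IFS= read -r name; do
        case "$name" in
            AliyunServiceRoleFor*)
                printf 'aliyun resourcemanager DeleteServiceLinkedRole --secure --force --RoleName %s\n' "$name" ;;
            *)
                printf 'aliyun ram DeleteRole --secure --force --RoleName %s --CascadingDelete true\n' "$name" ;;
        esac
    done
}

# Constructed sample input (not real account data).
SAMPLE_ROLES='{"Roles":{"Role":[
  {"RoleName":"AliyunServiceRoleForECS","Arn":"acs:ram::0000000000000000:role/aliyunserviceroleforecs"},
  {"RoleName": "app-deploy-role","Arn":"acs:ram::0000000000000000:role/app-deploy-role"}
]}}'

# Offline demonstration on the sample; in Cloud Shell use:
#   aliyun ram ListRoles | plan_role_deletions
printf '%s\n' "$SAMPLE_ROLES" | plan_role_deletions
```

Review the printed plan before running any line of it. Each DeleteServiceLinkedRole call returns a DeletionTaskId that still has to be checked with GetServiceLinkedRoleDeletionStatus as described in step 3.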