Deleting AWS account from Cloud NGFW Portal

cancel
Showing results for 
Search instead for 
Did you mean: 

Deleting AWS account from Cloud NGFW Portal

L1 Bithead

After tried to delete AWS account inside CloudNGFW portal, Now status is "deleting" for 4 hours already

Is it take so long time?

 

I can not add a new account, It seem support onboard only 1 account

1 ACCEPTED SOLUTION

Accepted Solutions

L2 Linker

Hi @nattapong_thi

 

This was caused by creating a firewall in the account and then using the same account to onboard to FMS with that original firewall still existing. There is an enhancement that allows users to work on both FMS and nonFMS use cases so that users can keep resources created when just onboarded as nonFMS users, then later onboard FMS and create resources by FMS policy, we will allow both to exist and operate at the same time.

 

 

Edison K Benny
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
 *Don’t forget to accept the solution provided!*

View solution in original post

6 REPLIES 6

L3 Networker

Did you try deleting the CFT template in your AWS account that you ran for IAM permissions?

Yes!, After waiting for many hours, Then deleted CFT 😂

L3 Networker

So is the status still showing deleting?

Yes

nattapong_thi_0-1653460627369.png

 

L2 Linker

Hi @nattapong_thi

 

This was caused by creating a firewall in the account and then using the same account to onboard to FMS with that original firewall still existing. There is an enhancement that allows users to work on both FMS and nonFMS use cases so that users can keep resources created when just onboarded as nonFMS users, then later onboard FMS and create resources by FMS policy, we will allow both to exist and operate at the same time.

 

 

Edison K Benny
Product specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-help-center/ct-p/Cloud_NGFW
 *Don’t forget to accept the solution provided!*

L1 Bithead

I too have the same issue.

1. When you upgrade a standalone tenant account to an admin account for AWS FMS onboarding, deleting the NGFW resource goes for a whack.

2. After waiting for an hour, i ended up deleting the stackset and the endpoint from my account thinking i need to clean up my account before the ngfw firewall resource will be cleaned up.

3. I even revoked the admin access for my AWS account to make sure everything is clean from my side and then upgraded my account to administrator account again to try set things right. But no luck!

4. The one thing that i noticed is that if i get to the "Firewall Settings" page, i get an error "Account XXXX does not exist as a member". 

5. I cannot add another AWS account now since the account is already onboarded (and i get a prompt popup mentioning the same)

Somewhere, a disconnect/access permission issue makes it harder for the ngfw resources to get stuck in deleting state. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!