Skip to main content

Removing Cloud Permissions Firewall

One-Click Least Privilege. Zero Disruption.



© 2026 Sonrai Security. All rights reserved.

Overview

Removing Cloud Permissions Firewall for your cloud organization takes two steps:

  1. Reset Your Cloud Permissions Firewall - undo any applied policy changes
  2. Delete collector stacks in AWS CloudFormation - stop Sonrai monitoring in your cloud organization
info

If you have multiple AWS Organizations onboarded, you will need to complete these instructions for each organization.

Reset Your Cloud Permissions Firewall

Reset your Cloud Permissions Firewall to undo all applied policy changes in your cloud environment.

  1. In the Cloud Permissions Firewall app, ensure that you have the correct organization selected.
[AI GENERATED] Cloud Permissions Firewall organization selector dropdown showing the currently selected organization[AI GENERATED] Cloud Permissions Firewall organization selector dropdown showing the currently selected organization
  1. To remove the protections you have deployed to one of your organizations, open the menu while viewing Firewall Services for that organization, and click the Remove Permissions Firewall from the Org <your organization> option.
[AI GENERATED] Cloud Permissions Firewall Services page menu open with the Remove Permissions Firewall from the Org option highlighted[AI GENERATED] Cloud Permissions Firewall Services page menu open with the Remove Permissions Firewall from the Org option highlighted
  1. Confirm that you want to proceed by typing undo in the text field and clicking . This triggers the removal of all elements from Cloud Permissions Firewall in your cloud, reverting it to its original pre-firewall state.
[AI GENERATED] Cloud Permissions Firewall removal confirmation dialog with a text field to type undo and an Undo All button[AI GENERATED] Cloud Permissions Firewall removal confirmation dialog with a text field to type undo and an Undo All button

At this point, Cloud Permissions Firewall will show a status dialog when your environment has returned to its original state. Click when the process is finished.

Any control and policy changes that were rolled back are now available as Pending Changes that you can then review, remove, or redeploy later as desired.

[AI GENERATED] Cloud Permissions Firewall removal dialog step 1 showing the process of reverting the environment to its pre-firewall state[AI GENERATED] Cloud Permissions Firewall removal dialog step 1 showing the process of reverting the environment to its pre-firewall state
[AI GENERATED] Cloud Permissions Firewall removal complete dialog with a Done button indicating the environment has been restored[AI GENERATED] Cloud Permissions Firewall removal complete dialog with a Done button indicating the environment has been restored
[AI GENERATED] Cloud Permissions Firewall Pending Changes page showing the Deploy Pending Changes button to restore rolled-back controls[AI GENERATED] Cloud Permissions Firewall Pending Changes page showing the Deploy Pending Changes button to restore rolled-back controls

Delete your Sonrai Collector Stack in CloudFormation

  1. With your Organization Management account, open CloudFormation in the AWS console,
  2. Find and delete the Sonrai collector stack that was created during account onboarding.
[AI GENERATED] AWS CloudFormation console showing the Sonrai collector stack selected for deletion[AI GENERATED] AWS CloudFormation console showing the Sonrai collector stack selected for deletion

Removing this stack should automatically remove associated StackSets and nested stacks.

Troubleshooting: StackSet is Not Empty

My AWS clean-up fails with a "StackSet is not empty" error... What is happening?

If an AWS account is suspended, then CloudFormation will not delete related stacks in the StackSet leading to an error when you try to remove the Sonrai collector stack:

Resource handler returned message: "StackSet is not empty (Service: CloudFormation, Status Code: 409, Request ID: 429635a0-b460-417b-aae8-5c17db432d65)" (RequestToken: d0a897c8-02d6-39e5-610c-afef318120d8, HandlerErrorCode: GeneralServiceException)

Confirm this in the AWS CloudFormation console. View your StackSets and click on the name of your Cloud Permissions Firewall StackSet to see detailed information. Check Stack instances, and look for any stacks that show a SKIPPED_SUSPENDED_ACCOUNT status.

[AI GENERATED] AWS CloudFormation StackSet Stack instances view showing a stack with SKIPPED_SUSPENDED_ACCOUNT status[AI GENERATED] AWS CloudFormation StackSet Stack instances view showing a stack with SKIPPED_SUSPENDED_ACCOUNT status

How do I resolve this error and finish removing Cloud Permissions Firewall?

Remove the problematic StackSets manually, before going back to delete the main Stack.

  1. While viewing the StackSet details, select Delete stacks from StackSet from the Actions dropdown.
[AI GENERATED] AWS CloudFormation StackSet Actions dropdown menu with Delete stacks from StackSet option highlighted[AI GENERATED] AWS CloudFormation StackSet Actions dropdown menu with Delete stacks from StackSet option highlighted
  1. Specify the following deployment options, as shown below:
    • AWS OU ID: Your Organization Unit ID
    • Specify Regions: Add all regions
    • Maximum concurrent accounts: Percentage 100
    • Failure tolerance: Percentage 100
    • Retain stacks: Enabled
    • Region concurrency: Parallel
[AI GENERATED] AWS CloudFormation Delete stacks from StackSet deployment options form showing OU ID, regions, concurrency and failure tolerance settings[AI GENERATED] AWS CloudFormation Delete stacks from StackSet deployment options form showing OU ID, regions, concurrency and failure tolerance settings
  1. Click Next, and then Submit to remove the remaining StackSet Stack instances.
  2. Once no StackSet Stack instances remain, delete the main Stack (which had previously failed deletion) again.

Last updated on