How to run aws-nuke across 2 different AWS organizations


I'm learning to use aws-nuke to delete all the resources in my organization's AWS account. I was able to successfully remove my personal resources in my own organization and manage the nuking. I'm wondering whether it will work across organizations? Let's say we have 2 different organizations (see the AWS Organizations management screenshot above).

Is it possible to have aws-nuke work across 2 different organizations when we have a Power User or System Admin from organization B manage the training account in the other organization? Here's a simplified version of the diagram.

simplified diagram for 2 AWS organizations


BEST ANSWER

I was able to reach out to the author of aws-nuke and open a discussion page here.

You have to set up cross-account access and run aws-nuke with an assumed role for each account.

It is possible to have aws-nuke work across 2 different organizations when we have a System Admin from organization B to manage the training account in another organization (Organization A).


I have used aws-nuke to manage my AWS organization accounts. You can definitely use cross-account roles for the task, assuming that you already can run aws-nuke on your resources in your AWS account. What you can do inside your AWS account, you can do with cross-account roles, except for a handful of AWS actions. The only issue is that the AWS cross-organization role will have to have too much permission, and that is risky. The aws-nuke documentation says such a tool is very risky and destructive!

Linking AWS accounts via AWS Organizations allows you to consolidate billing, use Service Control Policies, etc. It doesn't actually give any more capability than what you can do with cross-account roles. You would still need to use those, as an SCP doesn't actually give you permission that IAM doesn't give you. So, to answer your question: would you be able to do it with AWS Organizations?

Yes, if you use a cross-account AWS role.

Would you be able to do it with other non-members too?

Yes, with cross-account roles. I am emphasizing cross-account roles here and reiterating: whatever you can do inside your AWS account, you can do with cross-account roles, except for a handful of actions. My 2 cents would be to just use cross-account roles.
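Both answers come down to the same recipe: a cross-account role in the target account, and one aws-nuke run per account under that assumed role. As an added example (not from the question, either answer, or the aws-nuke project itself), the script below renders an aws-nuke configuration scoped to a single hypothetical training account and runs aws-nuke with credentials assumed from the Organization B side; the account ids, role name and regions are assumptions.

```sh
#!/usr/bin/env sh
# Added example (not from the question or either answer). All ids and the role
# name below are hypothetical placeholders; replace them with your own.
TRAINING_ACCOUNT="111111111111"          # training account in Organization A
ORG_A_MANAGEMENT_ACCOUNT="222222222222"  # Organization A management account
NUKE_ROLE="NukeTrainingAccountRole"      # cross-account role in the training account

# Render an aws-nuke v2 config that keeps the blast radius small:
#  - only the training account is listed, so aws-nuke refuses to run elsewhere
#  - the management account is blocklisted as a second guard (aws-nuke requires
#    a non-empty blocklist anyway)
#  - the cross-account role and its policy attachment are filtered out, so the
#    run cannot delete the identity it is executing as
render_nuke_config() {
  account_id="$1"; role_name="$2"; blocked_account="$3"
  cat <<EOF
regions:
  - global
  - us-east-1
account-blocklist:
  - "${blocked_account}"
accounts:
  "${account_id}":
    filters:
      IAMRole:
        - "${role_name}"
      IAMRolePolicyAttachment:
        - "${role_name} -> AdministratorAccess"
EOF
}

# Assume the role from an Organization B principal (the caller's default AWS
# credentials) and run aws-nuke with the temporary credentials. The run is a
# dry run unless NO_DRY_RUN=1 is set; review the dry-run output first.
nuke_training_account() {
  config_file="$1"
  creds=$(aws sts assume-role \
    --role-arn "arn:aws:iam::${TRAINING_ACCOUNT}:role/${NUKE_ROLE}" \
    --role-session-name aws-nuke-training \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || return 1
  set -- $creds   # intentional word splitting into the three credential fields
  aws-nuke -c "$config_file" \
    --access-key-id "$1" --secret-access-key "$2" --session-token "$3" \
    ${NO_DRY_RUN:+--no-dry-run}
}

# Usage (not run here): render_nuke_config "$TRAINING_ACCOUNT" "$NUKE_ROLE" \
#   "$ORG_A_MANAGEMENT_ACCOUNT" > nuke-training.yml && nuke_training_account nuke-training.yml
```

Repeat the render-and-run pair once per training account; the role in each account only needs to trust the Organization B principal that performs the cleanup.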