The administrator of an AWS account has left the company. How do I access this AWS account?


I need access to the AWS root user account, but I don’t have the credentials to sign in to the account because of one of the following reasons:

  • The AWS account root user is no longer the account administrator, and they aren't reachable.
  • I'm unable to reset the password due to an invalid email address.

Resolution

To access an account as a root user, you must have the email address and password associated with the account.

To access the account as an AWS Identity and Access Management (IAM) user, you must have the user name and password for that IAM user.

If your multi-factor authentication (MFA) device is lost or broken, see How do I remove a lost or broken MFA device from my AWS account?

The simplest way to get the credentials for the account is to ask the former administrator of the account.

If that's not possible, try the following:

  • If the email address is associated with a corporate domain, it's a best practice that you contact your email administrator. Ask your email administrator if they can give you access to the email address, or pass along a password reset email for the account.
    Note: The password reset email is sent from account-update@amazon.com if the account was created before August 28, 2017, or from password-reset-noreply@aws.amazon.com if the account was created after August 28, 2017.
  • If you have root access to the account but don't know the password for a particular IAM user, sign in as the root user. Then, change the password.

Important: AWS Support can't change the root user or IAM credentials on an account for any reason.
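An email administrator can narrow down which corporate mailbox belongs to the root user by searching retained mail logs for the two password-reset senders named in the Note above. The following is an added example, not part of the AWS article: the CSV column names and the sample rows are constructed assumptions, and it only finds mailboxes that received a reset email within the retained logs.

```python
import csv
import io
from collections import defaultdict
from email.utils import parseaddr

# Sender addresses taken from the Note above, mapped to what each implies.
RESET_SENDERS = {
    "account-update@amazon.com": "account created before August 28, 2017",
    "password-reset-noreply@aws.amazon.com": "account created after August 28, 2017",
}

# Constructed sample of a message-trace export; the column names are assumptions.
SAMPLE_TRACE = """\
received,sender,recipient,subject
2016-03-02T10:15:00Z,AWS <account-update@amazon.com>,cto.jane@west.example.com,Password assistance
2019-07-11T08:01:00Z,password-reset-noreply@aws.amazon.com,IT.Admin@east.example.com,Password recovery
2019-07-12T09:30:00Z,password-reset-noreply@aws.amazon.com.mail.example.net,accountant@south.example.com,Password recovery
2020-01-05T14:00:00Z,newsletter@shop.example.org,cto.jane@west.example.com,Weekly deals
2021-02-20T16:45:00Z,Password-Reset-NoReply@AWS.Amazon.com,it.admin@east.example.com,Password recovery
"""


def find_candidate_mailboxes(trace_file):
    """Return {recipient: {"era": str, "seen": [timestamps]}} for reset mail."""
    candidates = defaultdict(lambda: {"era": None, "seen": []})
    for row in csv.DictReader(trace_file):
        # Parse the address and compare it whole: a substring test would also
        # accept lookalikes such as "...@aws.amazon.com.mail.example.net".
        sender = parseaddr(row["sender"])[1].lower()
        if sender not in RESET_SENDERS:
            continue
        recipient = parseaddr(row["recipient"])[1].lower()
        entry = candidates[recipient]
        entry["era"] = RESET_SENDERS[sender]
        entry["seen"].append(row["received"])
    return dict(candidates)


if __name__ == "__main__":
    hits = find_candidate_mailboxes(io.StringIO(SAMPLE_TRACE))
    for mailbox, info in sorted(hits.items()):
        print(f"{mailbox}: {len(info['seen'])} reset email(s), {info['era']}")
```

A matching sender address in a log is not proof of origin, so confirm a hit against the mail gateway's SPF or DKIM verdict if it records one.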

Related information

I can't sign in because my credentials don't work

How do I recover a lost or forgotten AWS password?

How do I change the email address that's associated with my AWS account?

How do I transfer my AWS account to another person or business?

AWS OFFICIAL
Updated 2 years ago
5 Comments

This is a complete non-answer and belongs nowhere near the question. The main question is:

If someone has complete legitimate control of the corporate e-mail domain, and a working AWS IAM account, how do they determine which of the potentially thousands of historic corporate e-mail addresses was used for the AWS root account? For example, was it admin.firstname.lastname1@west.company.com, oldadmin.firstname.lastname2@west.company.com, cto.firstname.lastname3@west.company.com, itworker.firstname.lastname4@east.company.com, itworker.firstname.lastname5@east.company.com, accountant.firstname.lastname6@south.company.com, etc. etc.

replied 8 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 8 months ago

This answer is unhelpful for my situation. My company had the steward of an AWS account pass away, without leaving behind documentation on what email address is associated with the account. I have an account number, but no account name and no email address. I need a way to discover the email address that's associated with this account.

replied 6 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 6 months ago

Frankly, your process to recover the root account is flawed if the root account email address and password are not known. You should have a procedure that identifies the account owner by other means. For the biggest cloud provider out there, this simply is not good enough and we face losing all of our infrastructure because of an expired credit card that can't be updated.

Please also reply with something more constructive than:

"Thank you for your comment. We'll review and update the Knowledge Center article as needed."

BDKY
replied 3 months ago