Trying to understand "Update Root User Email Address for AWS Account"

0

I received an email from AWS entitled "Update Root User Email Address for AWS Account". I'm trying to understand what it's actually asking me to do. The complete body of the email is below.

Is it saying that I'm using the same email address for AWS (the cloud platform) and Amazon.com (the store) and that I need to change the email address in AWS to something different?

I find this message incredibly difficult to parse.

You are receiving this message because we have identified that you are currently using the same email address for this AWS account (as listed in the Subject line) and for additional AWS account(s), which are associated with your Amazon.com account. We strongly recommend that you update the root user email address [1] for this AWS account as soon as possible to separate access to your additional AWS account(s) linked to your Amazon.com account. If you do not take any action by April 10, 2023, we will require you to update your email before accessing this AWS account when you sign in next to your account.

After you have changed the root user email address for this account, you will be able to use it to access your account. At that point, we can finish separating your additional AWS account(s) from your Amazon.com account.

The following are your additional AWS account(s) linked to your Amazon.com account: 999999999999

After you receive a confirmation email from no-reply@update.signin.aws, you can then sign in with the existing root email address for the additional AWS Account(s) and access new features. This can include enhancing the security of your sign-in experience with other Multi-Factor Authentication (MFA) device types, including hardware security keys [2], and monitoring root user activity through AWS CloudTrail [3].

  • Yes, you are right, the request is to use another email for your AWS account.

    The recommendation is to separate your amazon.com user from any AWS accounts. For eg: You may have an amazon.com user account for shopping, prime etc. But when it comes to AWS, it serves better to have a different email. This gives you an advantage from a security perspective i.e AWS accounts users do not automatically get access to amazon.com services.

    If you have multiple AWS account, there is also a concept of using an organization to bring everything together. https://aws.amazon.com/organizations/

3개 답변
1
수락된 답변

Hi,

You are correct, it just mention to separate the email you use to log in to AWS console, from the one you use in Amazon.con e-commerce site. Reason is that if one access is compromised, so it will be the other one, and remediation is to have different emails.

To change root e-mail in aws follow this guide: https://aws.amazon.com/premiumsupport/knowledge-center/change-email-address/

Hope it clarifies and if it does I d appreciate answer to be accepted so that community can benefit for clarity, thanks ;)

profile picture
전문가
답변함 일 년 전
profile picture
전문가
검토됨 5달 전
  • There's not really any utility to my having multiple email addresses.

    We really have to jump through the hoop of getting a gmail account to use AWS ... where I host my email?

    Identity should be separate from authentication. It's fine to reuse identity. This is very silly.

    Is there no way to leave it as-is?

  • Though having separate emails is more secure, but if you want you can use the same email, you can set different passwords as they are two separate accounts now.

0

How are we suppose to sperate them if the following applies? Important: If your Amazon.com retail and AWS accounts share the same log-in information, then updating the email address for one account also changes the other account.

답변함 일 년 전
0

I had a very old AWS account which had the number in the email above. The support person matched this to a partially setup account that had same email as my main current account which had a different account number. I had to change the email for the current account which also changed amazon.com email to be the same. I also had to login to the old account and set it up with payment preferences which required ringing up bank to unblock VISA on USA sites for 2 hours and entering exact name as on back of card and clicking verify.

Each account under name on top right of AWS console has a long account number. That defines what account the email is about. In my case it was for a very old account not my current account so I was confused about that till agent sorted out what account was causing the problem.

It is not to do with the email in amazon.com and current AWS account because they synchronise with each other in case of current active AWS account. In the old incompletely setup account the email could remain and new account had to have the email changed so the two accounts did not have the same email.

That took 2 months to work out and complete confusion over which AWS account it referred to and what 2 account emails had to change: not AWS and amazon.com but two AWS accounts. I had to ring up amazon.com help line who said they could not help as I was not in their area for AWS account problem. So I put in a ticket under current AWS account and pasted the email re changing email for the old account into chat and the agent then sorted it out over about 2 hours including a long distance call so they could verify me to login into old account and help me reset password for the old account I had forgotten about as it was over 10 years ago.

답변함 10달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠