Un-suspend root account from an organisation

0

Hi,

I'm experiencing problems setting up the root account for myself and my cofounder.

What I have done:

  1. After I created our organisation account in AWS, as well as my management account, I proceeded with creating an additional root account for my CTO.
  2. However, my CTO is not able to sign in with the root account I created.
  3. Forgot password does not seem to work either.
  4. I then tried closing his account to start again. This second root account appears as Suspended.
  5. However, now I cannot remove the account because it says that the root user itself has to "leave" the org, which he cannot.

Now, to not overcomplicate, how can I:

  1. either completely remove > add again the same account
  2. or un-suspend the removal, but fix the access from this second root account?
1 Answer
0
Accepted Answer

I understand you're facing challenges with setting up a root account for your CTO within your AWS Organization. Let me clarify a few points and provide some guidance on how to address this situation.

First, it's important to note that when you create a new account within an AWS Organization, you don't actually create a "root account" for someone else. Instead, you create a member account within the organization. The root user for this account is automatically created, but the password is not set during this process.

To access the root user of a member account created within an organization:

  1. Go to the AWS Console login page.
  2. Enter the email address used when creating the member account.
  3. Click "Next" and then use the "Forgot password" option.
  4. Follow the password reset process to set up the initial root user password.

This is the standard procedure for accessing a root user account that was created within an organization for the first time.

Regarding the suspended account, you cannot directly remove a suspended account from an organization. The account must be reactivated first. To reactivate a suspended account:

  1. Contact AWS Support. They can help you reactivate the account.
  2. Once reactivated, the root user of that account can then choose to leave the organization.
  3. After the account has left the organization, you can then remove it or close it if needed.

If you want to start fresh:

  1. After reactivating and removing the suspended account from the organization, you can create a new member account for your CTO.
  2. Use a different email address for this new account to avoid conflicts.
  3. Follow the initial root user access process described earlier.

Remember, it's a best practice to minimize the use of root user accounts. Instead, set up IAM users with appropriate permissions for day-to-day operations. The root user should only be used for tasks that specifically require root user access.
Sources
Root User credentials for member account in an AWS Organization | AWS re:Post
Forgot root account information everything | AWS re:Post

answered a month ago
EXPERT
reviewed a month ago