Any other options to recover root access?

0

I have seen posts like this: https://repost.aws/knowledge-center/reset-root-user-mfa, but they appear to not be workable. Are we out of luck?

One of our IT professionals left the company recently. He had access to the root account on AWS, and the MFA and backup number were apparently tied to his corporate cell phone, which is no longer available. We are trying to regain root access. My account and others that we have found were only created with limited visibility such as billing. I have not found an account that has IAM permissions to create a support ticket with AWS. We have not found any other way to contact AWS other than possibly this forum.

Ultimately, we have a SQL server running on an EC2 instance which has become unresponsive. The web services running on other instances are failing because they cannot access the server. We cannot access it via SQL studio or RDP via our normal methods. The next/last approach was to force restart the instance, but we found there is no access.

2 Answers
0
Accepted Answer

You should not need root level access to address the issues with these instances. Two alternative paths I can suggest would be to identify someone who has administrator or elevated access to help you troubleshoot the problem with the SQL instances, or someone who has access to manage IAM permissions to provide you the access you need.

If you have access to the root email address, or can get access to the root email address, that can help with being able to move forward in getting past the MFA issues in the root that we outline in our documentation.

AWS
answered 5 months ago
  • This does not really address the situation posed, but I will accept it because finding credentials for an elevated account is what we were finally able to do to recover. As mentioned, the problem was no accounts with elevated access and there is no root access. This account was acquired many years ago and handover of credentials during IT attrition had been missed.

0

Hey Tom,

Looks like you're in a position where you cannot follow the MFA reset steps (which require access to the phone number that the account was configured with). This means that you're going to have to raise a support case and go through the process of proving account ownership. You should ideally start this from the account in question, if you have access to the support APIs. However, if you cannot raise a support case from the account in question, you can start the process from another AWS account - just bear in mind that there will be additional checks to prove ownership.

Once the MFA is removed, you can go through the password reset wizard. This will require access to the mailbox of the ex-employee, but that should be easy to access on your end, or recreate if needed.

Hopefully that puts you in a better position going forward. The next place to go is Customer Support via a support case.

AWS
answered 5 months ago
EXPERT
reviewed a month ago