Transfer root user account to another IAM user

0

I have an IAM user account with the same email address as my root user account for administrative purposes such as user and permission management. Now, I'd like to transfer my root user account ownership to another IAM user with the same email address domain name.

asked a year ago, 1035 views
6 Answers
1

There's no connection between an AWS account's root user and IAM users. Let's say you currently have an IAM user account "User1" and you also have access to the root user, which has some email address. Even if that email address is yours, say User1@somedomain.com, there's no connection between that and your IAM user account.

If your other team member has email User2@somedomain.com and has an IAM user account "User2" then sure, you can modify the root user's email address to be their email User2@somedomain.com. Again this has no connection with any IAM user account.

Best practice is to set the root user's email address to a group or distribution list, apply MFA with a physical MFA device and lock secrets + device away for use only when absolutely needed.

EXPERT
answered a year ago
  • So besides the email address, what other required information do I need to modify in order to complete the transfer of root ownership to "User2"?

    My question is, if User2 becomes the new root user, I'd like to know whether he can still access those AWS services under the old email when he logs in with the new email address?

    Appreciate if you could provide step-by-step instructions on how to do this. Thanks!

  • If by "User2" you're talking about the IAM user account "User2" as I was, I need to point out again that there's no connection between the root user and IAM users. The root account has a "name" (an email address), a password and an MFA device. You can modify these and it's up to you what email address you use and who has "ownership" of it and who has access to the password and MFA device. Step-by-step instructions are, as before - Log in to your root account and go to the "Update Account Settings" page accessed from My Account / Account Settings / "edit". I hope this helps.

0

You can modify your root account email address. Log in to your root account and go to the "Update Account Settings" page accessed from My Account / Account Settings / "edit".

EXPERT
answered a year ago
0

The IAM user account who's taking ownership of my existing root user account is a member within my team with the same email domain name. I would like to know whether it's possible to transfer internally my root user account to his IAM user account.

answered a year ago
0

So besides the email address, what other required information do I need to modify in order to complete the transfer of root ownership to "User2"?

My question is, if User2 becomes the new root user, I'd like to know whether he can still access those AWS services under the old email when he logs in with the new email address?

Appreciate if you could provide step-by-step instructions on how to do this. Thanks!

answered a year ago
0

After closing my root account, all the IAM user accounts in my team, including my admin IAM account, are now getting an authentication error when trying to log in as IAM users. How can I resolve this issue?

answered a year ago
0

You mentioned "closing your root account" - this is a bit confusing perhaps because of the many meanings of the term "account".

Let's start with "AWS Account" which is a billing & security concept. You open an AWS Account to run AWS services in it (IAM is one such service), and when you no longer need to run those services you can close your AWS Account.

An AWS Account has a single Root User, defined by an email address. Sometimes people say "Root User Account", but let's avoid using "Account" here to avoid confusion.

You can't "close" your Root User, it's an inherent part of your AWS Account. So if you've "closed" something then it must be your AWS Account, in which case all services in that account will become inaccessible, including IAM. So none of your IAM Users will be able to log in as the AWS Account is closed!

When you close an AWS Account it goes into a holding state for 90 days during which it is possible to reopen it. This is described here - https://repost.aws/knowledge-center/reopen-aws-account. Note however someone has commented that the first step, logging in as the Root User to a closed AWS Account, didn't work. If you find the same, then you can instead raise a support case at https://support.aws.amazon.com/#/contacts/aws-account-support/. Be sure to provide your AWS Account Number.

If this answer helps you, please "Accept" it.

EXPERT
answered a year ago
