Transfer root user account to another IAM user

0

I have an IAM user account with the same email address as my root user account for administrative purposes such as user and permission management. Now, I'd like to transfer my root user account ownership to another IAM user with the same email address domain name.

Asked a year ago · 1075 views
6 Answers
1

There's no connection between an AWS account's root user and IAM users. Let's say you currently have an IAM user account "User1" and you also have access to the root user, which has some email address. Even if that email address is yours, say User1@somedomain.com, there's no connection between that and your IAM user account.

If your other team member has email User2@somedomain.com and has an IAM user account "User2" then sure, you can modify the root user's email address to be their email User2@somedomain.com. Again this has no connection with any IAM user account.

Best practice is to set the root user's email address to a group or distribution list, apply MFA with a physical MFA device and lock secrets + device away for use only when absolutely needed.

Expert
Answered a year ago
  • So besides the email address, what other required information do I need to modify in order to complete the transfer of root ownership to "User2"?

    My question is, if User2 becomes the new root User, I'd like to know whether he can still access those AWS services under the old email when he logs in with the new email address?

    Appreciate if you could provide step-by-step instructions on how to do this. Thanks!

  • If by "User2" you're talking about the IAM user account "User2" as I was, I need to point out again that there's no connection between the root user and IAM users. The root account has a "name" (an email address), a password and an MFA device. You can modify these and it's up to you what email address you use and who has "ownership" of it and who has access to the password and MFA device. Step-by-step instructions are, as before - Log in to your root account and go to the "Update Account Settings" page accessed from My Account / Account Settings / "edit". I hope this helps.
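
The best practice in the answer above (MFA on the root user, credentials locked away and used only when absolutely needed) can be checked from the IAM credential report, which has a `<root_account>` row. The following is an added example, not code from this thread; the sample CSV, the account ID and the 90-day threshold are constructed assumptions, and a real report is obtained with `aws iam get-credential-report`.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample of an IAM credential report, trimmed to the columns used
# here. The account ID and timestamps are made up for illustration.
SAMPLE_REPORT = """user,arn,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,2024-05-30T09:12:44+00:00,false,true,false
User1,arn:aws:iam::111122223333:user/User1,2024-06-01T08:00:00+00:00,true,false,false
"""


def audit_root_user(report_csv, now, recent_days=90):
    """Return a list of findings for the <root_account> row of a credential report.

    `now` must be timezone-aware; `recent_days` is an assumed review threshold.
    """
    rows = {r["user"]: r for r in csv.DictReader(io.StringIO(report_csv))}
    root = rows.get("<root_account>")
    if root is None:
        return ["no <root_account> row found in report"]

    findings = []
    if root["mfa_active"].lower() != "true":
        findings.append("root user has no MFA device")
    for key in ("access_key_1_active", "access_key_2_active"):
        if root.get(key, "false").lower() == "true":
            findings.append(f"root user has an active access key ({key})")

    # Root is meant for rare use only, so a recent sign-in deserves a review.
    last_used = root.get("password_last_used", "")
    try:
        used_at = datetime.fromisoformat(last_used)
    except ValueError:
        used_at = None  # e.g. "no_information" or "N/A": nothing to compare
    if used_at and now - used_at < timedelta(days=recent_days):
        findings.append(f"root user signed in recently ({last_used})")
    return findings


if __name__ == "__main__":
    for finding in audit_root_user(SAMPLE_REPORT, datetime.now(timezone.utc), 36500):
        print(finding)
```
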

0

You can modify your root account email address. Log in to your root account and go to the "Update Account Settings" page accessed from My Account / Account Settings / "edit".

Expert
Answered a year ago
0

The IAM user account who's taking ownership of my existing root user account is a member within my team with the same email domain name. I would like to know whether it's possible to transfer internally my root user account to his IAM user account.

Answered a year ago
0

So besides the email address, what other required information do I need to modify in order to complete the transfer of root ownership to "User2"?

My question is, if User2 becomes the new root User, I'd like to know whether he can still access those AWS services under the old email when he logs in with the new email address?

Appreciate if you could provide step-by-step instructions on how to do this. Thanks!

Answered a year ago
0

After closing my root account, all the IAM user accounts in my team, including my admin IAM account, are now getting an authentication error when trying to log in as IAM users. How can I resolve this issue?

Answered a year ago
0

You mentioned "closing your root account" - this is a bit confusing perhaps because of the many meanings of the term "account".

Let's start with "AWS Account" which is a billing & security concept. You open an AWS Account to run AWS services in it (IAM is one such service), and when you no longer need to run those services you can close your AWS Account.

An AWS Account has a single Root User, defined by an email address. Sometimes people say "Root User Account", but let's avoid using "Account" here to avoid confusion.

You can't "close" your Root User, it's an inherent part of your AWS Account. So if you've "closed" something then it must be your AWS Account, in which case all services in that account will become inaccessible, including IAM. So none of your IAM Users will be able to log in as the AWS Account is closed!

When you close an AWS Account it goes into a holding state for 90 days during which it is possible to reopen it. This is described here - https://repost.aws/knowledge-center/reopen-aws-account. Note however someone has commented that the first step, logging in as the Root User to a closed AWS Account, didn't work. If you find the same, then you can instead raise a support case at https://support.aws.amazon.com/#/contacts/aws-account-support/. Be sure to provide your AWS Account Number.

If this answer helps you, please "Accept" it.

Expert
Answered a year ago
