At this link, https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks notice the text that I have bolded below.
Tasks that require root user credentials
We recommend that you configure an administrative user in AWS IAM Identity Center to perform daily tasks and access AWS resources. However, you can perform the tasks listed below only when you sign in as the root user of an account.
To simplify managing privileged root user credentials across member accounts in AWS Organizations, you can enable centralized root access to help you centrally secure highly privileged access to your AWS accounts. Centrally manage root access for member accounts lets you centrally remove and prevent long-term root user credential recovery, improving account security in your organization. After you enable this feature, you can perform the following privileged tasks on member accounts.
Remove member account root user credentials to prevent account recovery of the root user. You can also allow password recovery to recover root user credentials for a member account.
Remove a misconfigured bucket policy that denies all principals from accessing an Amazon S3 bucket.
Delete an Amazon Simple Queue Service resource-based policy that denies all principals from accessing an Amazon SQS queue.
Once you have enabled the central management, you can perform privileged tasks on an AWS Organizations member account from your organization management or delegated administrator account. One of the privileged tasks is to reenable the root user credentials for a member account. Follow this link for instructions on how to take a privileged action on a member account via the Console, CLI, or API.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user-privileged-task.html
Perform a privileged task on an AWS Organizations member account
The AWS Organizations management account or a delegated administrator account for IAM can perform some root user tasks on member accounts using short-term root access. These tasks can only be performed when you sign in as the root user of an account. Short-term privileged sessions give you temporary credentials that you can scope to take privileged actions on a member account in your organization.
Once you launch a privileged session, you can delete a misconfigured Amazon S3 bucket policy, delete a misconfigured Amazon SQS queue policy, delete the root user credentials for a member account, and reenable root user credentials for a member account.
Hope this clarifies the process!
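The CLI flow this answer describes, as an added example that is not part of the original answer or the AWS documentation. The function names and task labels are hypothetical, the region default is a placeholder, and the caller supplies the member account ID.

```shell
#!/bin/sh
# Added example. Prerequisite, run once in the management account:
#   aws iam enable-organizations-root-credentials-management
#   aws iam enable-organizations-root-sessions

# Map each privileged task to its AWS-managed root task policy.
root_task_policy_arn() {
  case "$1" in
    unlock-s3-bucket)  echo "arn:aws:iam::aws:policy/root-task/S3UnlockBucketPolicy" ;;
    unlock-sqs-queue)  echo "arn:aws:iam::aws:policy/root-task/SQSUnlockQueuePolicy" ;;
    delete-root-creds) echo "arn:aws:iam::aws:policy/root-task/IAMDeleteRootUserCredentials" ;;
    reenable-root)     echo "arn:aws:iam::aws:policy/root-task/IAMCreateRootUserPassword" ;;
    *) echo "unknown task: $1" >&2; return 1 ;;
  esac
}

# Start a short-term root session scoped to ONE task and export its credentials.
# Run as an authorized principal in the management or delegated admin account.
assume_root_for_task() {
  art_account="$1"; art_task="$2"
  # Reject anything that is not a 12-digit account ID before calling AWS.
  case "$art_account" in ""|*[!0-9]*) echo "account ID must be 12 digits" >&2; return 2 ;; esac
  [ "${#art_account}" -eq 12 ] || { echo "account ID must be 12 digits" >&2; return 2; }
  art_arn="$(root_task_policy_arn "$art_task")" || return 1
  # AssumeRoot is called against a regional STS endpoint; sessions last at most 900 s.
  art_creds="$(aws sts assume-root \
      --region "${AWS_REGION:-us-east-1}" \
      --target-principal "$art_account" \
      --task-policy-arn "arn=$art_arn" \
      --duration-seconds 900 \
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
      --output text)" || return 3
  # Text output is whitespace-separated: key id, secret, session token.
  set -- $art_creds
  export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
}

# Re-enable root user credential recovery for a member account.
# The subshell keeps the root session credentials out of the caller's environment.
reenable_root_recovery() (
  assume_root_for_task "$1" reenable-root || exit $?
  # With an AssumeRoot session, create-login-profile takes no user name or password;
  # the member account owner then completes the root password reset flow.
  aws iam create-login-profile
)
```

Because the session is scoped by the task policy, credentials obtained for `reenable-root` cannot be reused to delete root credentials or unlock a bucket or queue policy.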
Previously we needed to have the root user, but now you don't have to go through the root user recovery process anymore. We have introduced a new account management API that enables customers to update the account name via authorized IAM principals and more efficiently manage account names. This new API is added to the AWS account management APIs that enable AWS Organizations customers to centrally and programmatically manage primary email addresses, primary contact information, alternate contact information, and AWS Regions for their accounts. Using the new API, customers will no longer need root access to manage their account names, and they will be able to use authorized IAM principals within the account. Additionally, customers using AWS Organizations in all-features mode can now update member account names via authorized IAM principals in the management and delegated admin accounts, providing a centralized and secure way to manage account names across their organization at scale. Customers can also use the new API via the AWS Command Line Interface (CLI) and AWS Software Development Kit (SDK) to update account names.
https://aws.amazon.com/about-aws/whats-new/2025/04/aws-account-management-iam-based-name-updates/
Update Account Name API - https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-update-acct-name.html

So to follow up here. My issue was that I couldn't do this:
Because I was logged in as Root rather than a user with admin perms.