Identify root account user name

0

The staff member of our organization that had the username and password for our AWS root account is no longer with us. I have access to several IAM accounts, and I know the Account ID, but I do not know the username associated with the root account, so I cannot use the "Forgot password" capability. Is there any way that I can identify what the root user name is?

asked 5 months ago, 539 views
3 Answers
1

If you or someone has access to the management account for the organization, you can find the root user email for the account under Organization > Accounts. Once there, use the search bar to look for the account ID and you will be able to see the root email address.

Another option would be to follow the steps from "I don't have access to the email for my AWS account" under the "Troubleshooting issues with the root user" user guide.

AWS
Vitor B
answered 5 months ago
EXPERT
reviewed 5 months ago
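
The console lookup described in the answer above can also be done with the AWS CLI from the organization's management account. This is an added example, not part of the original answers; the function names are hypothetical, and it assumes credentials in the management account that allow `organizations:DescribeAccount` and `organizations:ListAccounts`.

```shell
#!/bin/sh
# Added example: look up root user emails via AWS Organizations.
# Assumption: run with management-account credentials; function names are hypothetical.

# Print the root user email for one account ID.
root_email_for_account() {
  local account_id email
  account_id="$1"
  # AWS account IDs are exactly 12 digits; reject anything else before calling the API.
  case "$account_id" in
    ''|*[!0-9]*) echo "error: account ID must be 12 digits" >&2; return 2 ;;
  esac
  if [ "${#account_id}" -ne 12 ]; then
    echo "error: account ID must be 12 digits" >&2
    return 2
  fi
  # Fails when the caller is not in the management account or lacks permission.
  if ! email="$(aws organizations describe-account \
        --account-id "$account_id" \
        --query 'Account.Email' --output text)"; then
    echo "error: describe-account failed for $account_id" >&2
    return 1
  fi
  # The CLI prints "None" in text mode when the queried field is absent.
  if [ -z "$email" ] || [ "$email" = "None" ]; then
    echo "error: no email returned for $account_id" >&2
    return 1
  fi
  printf '%s\n' "$email"
}

# List every account in the organization, tab-separated:
# account ID, root email, account name, status.
# Useful when one person may have created several accounts.
list_account_root_emails() {
  aws organizations list-accounts \
    --query 'Accounts[].[Id,Email,Name,Status]' --output text
}
```

Call `root_email_for_account` with the 12-digit account ID; once the email is known, the "Forgot password" flow can be used with it.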
0

Is this account one of a number of accounts within AWS Organisations, or is it a single standalone account?

Your question is that you do not know the username associated with the root account - this will be an email address and a password https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html

This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account.

If the ex-employee set up the account with their company email address (you will know what the format of that would be, e.g. firstname.lastname@yourcompany.com ) then you could try getting that email account recreated within the company and get access granted to yourself, and armed with that email address you can use the Forgot password function https://docs.aws.amazon.com/IAM/latest/UserGuide/reset-root-password.html

If the ex-employee created the root account with an email address outside of the company then you won't be able to access it without their co-operation, and you have to assume they still have the ability to access the account.

You mention you have access to a number of IAM accounts, well if any/all of these are able to log in to AWS Console, and if any of them have sufficient permissions, then you may be able to view the contact information associated with the account, as well as alternate contacts for billing, operations & security at https://console.aws.amazon.com/billing/home#/account

It would also be worth raising a billing support case with AWS to see what can be done from that side, because it sounds like you have to continue paying for the resources in that account even though you have no control over them https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-get-answers.html#billing-support

EXPERT
Steve_M
answered 5 months ago
  • This is an Organizational account. I did use the ex-employee's email to reset the password and got logged in, however, that account was a standalone account, not our organizational account. They must have created multiple accounts. Unfortunately, the ex-employee passed away unexpectedly. The IAM accounts that I have access to do not have permission to view any other account information and they do not have permission to submit a support case. I will attempt a billing support case and see where that goes. Thank you for the suggestions!

  • Sorry to hear about your colleague. This is, understandably, a scenario that isn't encountered very much on this forum, although AWS (the company) must have come across this situation before. If you had an AWS account manager then you would ask them to handle it, but the fact you're asking this on here probably means you don't have an account manager to reach out to.

    Presumably the payment method for the accounts (the one you know about, as well as those that you don't) is still going to be active, and AWS will be sending invoices monthly as usual. As these drop into the former employee's inbox it may shed some light on what these accounts are, and how to access them.

    This thread on reddit (I know, I know) from within the past year covers much the same ground, and the AWS response (apparently official, although you can never be sure) is to log a billing & account support case as the first step https://www.reddit.com/r/aws/comments/136o9n5/aws_account_owner_died/

0
EXPERT
answered 5 months ago
