Our AWS account was restricted around 15 hours ago due to a suspected third-party access / account compromise notice.
We immediately completed the requested remediation steps and updated the original AWS Support case.
Despite being on AWS Business Support+, which is intended for business-critical workloads, the original case has remained unassigned for approximately 15 hours. AWS Support chat keeps failing or returning to unassigned without an agent response. When we open another support ticket asking for help, it gets closed with instructions to continue on the original case, but that case still has no response or assignment.
Production impact:
- The production EC2 API server is stopped and cannot be restarted due to the account block.
- Auto Scaling Group cannot launch new instances, which means upcoming high-traffic events may fail unless access is restored.
When attempting to start the affected EC2 instance, we receive the following:
"This account is currently blocked and not recognized as a valid account. Please contact AWS Support if you have questions."
Remediation already completed:
Root password rotated
Root MFA confirmed enabled
CloudTrail reviewed for the past 90 days, with no unauthorized activity found
IAM users, roles, policies, login profiles, and access keys reviewed
Billing and resources reviewed across all regions with no unexpected resources or charges found
We fully understand the seriousness of account security concerns and are ready to complete any additional verification or remediation required.
Could someone please help route or escalate the existing support case to the appropriate AWS account support team?
The case ID can be shared privately.
Business+ is most assuredly NOT meant for Business Critical workloads its listed as the lowest level of any support that is offered. Don't make s*** up.