By using AWS re:Post, you agree to the Terms of Use
/AWS Account Management/

Questions tagged with AWS Account Management

Sort by most recent
  • 1
  • 90 / page

Browse through the questions and answers listed below or filter and sort to narrow down your results.

How do I transfer my AWS account to another person or business?

I am selling my site and need to transfer the AWS account to the buyer's business (the buyers do not use AWS for their other sites - but they want my site to continue with AWS). I cannot figure out how to do it. Do I need to pay for support and what level? This is Amazon's advice on transfering ownership of a site: https://aws.amazon.com/premiumsupport/knowledge-center/transfer-aws-account/ "To assign ownership of an AWS account and its resources to another party or business, contact AWS Support for help: Sign in to the AWS Management Console as the root user. Open the AWS Support Center. Choose Create case. Enter the details of your case: Choose Account and billing support. For Type, choose Account. For Category, choose Ownership Transfer. For all other fields, enter the details for your case. For Preferred contact language, choose your preferred language. For Contact methods, choose your preferred contact method. Choose Submit. AWS Support will contact you with next steps and help you transfer your account ownership." I have done all this but have not yet been contacted (24 hours). The text seems to suggest that advice on transfering ownership is a necessary aspect of transfering an AWS root account to a company, and that such advice is provided free by Amazon, since nothing is said about pricing. If on the other hand AWS clients must pay for a support package to transfer ownership, which package? The $29 Developer package or the $100 Business package or some other package? How quickly does Amazon AWS respond? How quick is the transfer process? I am finding this very frustrating.
1
answers
0
votes
11
views
Matthew Pollock
asked 4 days ago

Request to increase Sending Limits Rejected

Hello, **Amazon has rejected my request to increase daily sending quota limits.** The Amazon SES Quota on my home page shows I'm in Sandbox mode and have a daily quota of 200 mails. It also states: "Please request Amazon to raise your SES Sending Limits to be able to send to and from any email address as well as raise your daily sending quota from 200 to any number you need." **I put in a detailed request via the support centre ticketing system for a daily quota of 50 000, and provided the additional background info on request:** "I will send emails to my list received from advertisements once per day (excluding test emails), I will maintain my recipient list through granting them the option to voluntarily unsubscribe from my newsletter every day and by eventually remove a series of inactive subscribers from my email list every 30 days to prevent unnecessary spam and bounces. My email newsletters are a series of 6 repeated fond communications with the subscriber per week, with one inactive day. And all of these communications entail an introductory, soft and hard pitch promotion of my affiliate offer. A screenshot example of a snippet of my email swipes is attached in a PDF file below." **They Replied as follows** "Hello, Thank you for submitting your request to increase your sending limits. We are unable to grant your request at this time because we do not have enough information about your use case. If you can provide additional information about how you plan to use Amazon SES , we may be able to grant your request. In your response, include as much detail as you can about your email-sending use case and how you intend to use Amazon SES. For example, tell us more about how often you send email, how you maintain your recipient lists, your website or app(please include any necessary links), and how you manage bounces, complaints, and unsubscribe requests. It is also helpful to provide examples of the email you plan to send so we can ensure that you are sending high-quality content. You can provide this information by replying to this message. Our team provides an initial response to your request within 24 hours. If we're able to do so, we'll grant your request within this 24-hour period. However, if we need to obtain additional information from you, it might take longer to resolve your request." **I'd be grateful for some guidance on how to proceed. I felt I'd given enough context, and I can't conceive that the volume of mail I'm now pushing via a legacy server that is going to be taken offline would have an influence on Amazon services.**
1
answers
0
votes
12
views
Kent7
asked 2 months ago

Root account no permissions

Hi All, I have not used my Amazon account for a while. I think it was free-tier to begin with. I wanted to start re-using it. I logged on and find I have no access to Billing. I also have no access to Organizations. I can assign privileges to IAM users. I had an existing user under IAM and I gave it Administrator and BillingAccess privileges. I logged on with that user, but when it browses to Organizations or Billing, it also gets permission denied issues. Example with root account accessing "Account": You Need Permissions You don't have permission to access billing information for this account. Contact your AWS administrator if you need help. If you are an AWS administrator, you can provide permissions for your users or groups by making sure that (1) this account allows IAM and federated users to access billing information and (2) you have the required IAM permissions. I get the same error when IAM user with billing permissions accesses "Billing". I cannot even create a support case using root account. It says I have no access and I was placed in support plan Basic, but then there is no way to create a case. When I click "Create case": An error occurred when we tried to process your request User: arn:aws:iam::ID:root is not authorized to perform: support:DescribeServices with an explicit deny in a service control policy User: arn:aws:iam::ID:root is not authorized to perform: support:DescribeSeverityLevels with an explicit deny in a service control policy You don't have the necessary IAM permissions to view that support case. Learn more Then under "Create case" the various case options are grayed out. Thanks!
1
answers
0
votes
8
views
AWS-User-3997924
asked 2 months ago

Build and Deploy source from git Tag from another account

Hi Team, I have an AWS Pipeline in my DEV account, I created a second Pipeline In my PROD account. I followed this articles : 1 - https://prashant-48386.medium.com/cross-account-codepipeline-that-use-codecommit-from-another-aws-account-9d5ab4c892f6 2- https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create-cross-account.html to make the PROD Pipeline use the Repository of the DEV account. how can I Build the source from a specific git tag, not from a branch name? when I put the tag number on the Pipeline source stage it fails. I tried to edit the source stage in the pipeline and select 'full clone' option but I had this error : `remote repository is empty for primary source and source version 63sdsde73f2e1f6sdsd7564f742csdsds91ssd1f7sdsa` as I used a remote repository in another account (DEV). I tried also to do this in my Buildspec : ``` ... git-credential-helper: yes .... build: commands: - echo Build started on `date` - git config --global user.name $REPO_NAME - git config --global user.email "$REPO_NAME@xxxx.xxx" - git clone code_conit_remote_repo_dev_account_url/$REPO_NAME --branch=$TAG_VERSION - cd $REPO_NAME ``` git clone https://codecommit.region.amazonaws.com/xx/xx/xx/$REPO_NAME --branch=$TAG_VERSION but I had this error : `fatal: unable to access 'https://codecommit.region.amazonaws.com/xx/xx/xx/myRepoName/': The requested URL returned error: 403` `Command did not exit successfully git clone https://codecommit.region.amazonaws.com/xx/xx/xx/$REPO_NAME --branch=$TAG_VERSION exit status 128` Thanks for your help.
1
answers
0
votes
10
views
Jess
asked 3 months ago

SUSE 15 SP3 stucked on "status check 1/2" during reboot after update to latest version.

Hello Team, our SUSE 15 SP3 instance(r4.2xlarge) is stucked in "status check 1/2" during reboot after upgraded it latest version. Here are some logs as well. Please share some solutions. **"cloud-init[1276]: ci-info: | Device | Up | Address | Mask | Scope | Hw-Address | [ 41.805561] cloud-init[1276]: ci-info: +--------+------+-----------+-----------+-------+------------+ [ 41.810798] cloud-init[1276]: ci-info: | lo | True | 127.0.0.1 | 255.0.0.0 | host | . | [ 41.816025] cloud-init[1276]: ci-info: | lo | True | ::1/128 | . | host | . | [ 41.820613] cloud-init[1276]: ci-info: +--------+------+-----------+-----------+-------+------------+ [ 41.824672] cloud-init[1276]: ci-info: +++++++++++++++++++Route IPv6 info+++++++++++++++++++ [ 41.828212] cloud-init[1276]: ci-info: +-------+-------------+---------+-----------+-------+ [ 41.832368] cloud-init[1276]: ci-info: | Route | Destination | Gateway | Interface | Flags | [ 41.837993] cloud-init[1276]: ci-info: +-------+-------------+---------+-----------+-------+ [ 41.842556] cloud-init[1276]: ci-info: +-------+-------------+--------[ 0.000000] Linux version 5.3.18-150300.59.49-default (geeko@buildhost) (gcc version 7.5.0 (SUSE Linux)) #1 SMP Mon Feb 7 14:40:20 UTC 2022 (77d9d02)" ** Thanks, Bhupendra +91-XXXXXXXXXX Edit: Removed personally identifiable information (phone number) per Community Guidelines.
0
answers
0
votes
5
views
AWS-User-5913470
asked 3 months ago

Cloudtrail event notifications

Hello, we have configured configured Control Tower landing zone and enrolled tens of accounts in our organization. We would like to monitor some of the actions (ConsoleLogin, SwitchRole, CreateUser, CreatePolicy, CreateRole, PutGroupPolicy, ...) across all accounts in organization and be notified when the action occurs via Slack or Pagerduty. Is there any out of box solution or recommended approach? I am considering two approaches: 1. Listen Cloudtrail S3 logs bucket Create an account which will have read only access to cloudtrail logs S3 bucket in Log Archive account. Lambda function will be triggered on new records in bucket. It will download the files from S3 and parse the events. Huge disadvantage is that it'll have to parse all cloudtrail entries which could be expensive and in inefficient. 2. Aggregate events using EventBridge buses Create dedicated account "Audit Notifications" where will be EventBridge event bus aggregating matched events from all other accounts. There will be configured event rule with Lambda target forwarding matched events from all accounts to Slack/Pagerduty/... in "Audit Notifications" account. Event rule forwarding matched events to Event Bus target in "Audit Notifications" will be deployed into each governed region in each member account. Similar as described in https://aws.amazon.com/premiumsupport/knowledge-center/root-user-account-eventbridge-rule/ I favor second approach, but maybe there are some other options. thanks
1
answers
0
votes
11
views
Martin Halamicek
asked 3 months ago

[HELP NEEDED] serious gap in the process, aws support is ignoring the request

Hello Guys! I have found a serious gap in the AWS process and the AWS support team doesn't want to help. How I can escalate my problem other than describing it here? I am really tired already. **My story:** I am * running a small IT company, that delivers AWS-based projects (among others). * Some time ago I decided to create an AWS organization under which I have created accounts for 2 of my team members. I have provided their personal email addresses while creating their accounts (that was my biggest mistake). * A few months ago one of my team members got schizophrenia, he lost access to his email account, started behaving aggressively, stopped working and communicating with us. * I wanted to remove his account from my organization, but: a) I cannot remove his account from my organization until I will provide valid credit card details for his account to make it fully stand-alone (btw. there is 0 spent on this account). b) The problem is that I cannot provide my credit card details because my colleague can potentially create a lot of expenses on my cost. c) Also when I will provide my credit card details and remove his account from my organization I will have no option to access this account anymore and delete these credit card details. * Another thing I explored was to close this account (since I have created it I should be able to do it): a) I cannot close the account if I don't have root access. b) I cannot change the email for the root account to recover the password even if I assume "OrganizationAccountAccessRole" role. c) The account can be closed from the root account only, or by the owner of the email associated with the root account. AWS support doesn't want to help. They "truly apologize" but this decision is out of their scope, leaving their hands tied". Their advice is to provide credit card details, remove the account and pray for that guy not to start using this account on my costs. This is something that I obviously cannot accept. Here is the full response: > Hello, I'm following up in behalf of our team. At this point, we want to apologize for any inconvenience this situation may cause. Unfortunately, we're unable to proceed with your request to close member accounts on this account. The initial requirements for accounts to function as standalone accounts can not be bypassed. To complete your account information, you can sign in to the member account with the Management Account Access role. The accounts you created using AWS Organizations have an IAM role called "OrganizationAccountAccessRole". This role has full administrative permissions, and the administrator of the management account can access the member account, complete the sign up requirements and then remove the account from the organization. *Note that if you created an account as part of an organization, you might need to delete the delegated administrator role assigned to your account. This IAM role is not deleted automatically* We recommend you use the IAM role to maintain the security settings you implemented on the account. For information about the IAM role, see the following documentation: https://aws.amazon.com/premiumsupport/knowledge-center/cannot-remove-member-organization/ For information on what happens to member account when you close them, see: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html See the AWS API and AWS CLI documentation here: https://docs.aws.amazon.com/organizations/latest/APIReference/API_DeregisterDelegatedAdministrator.html https://docs.aws.amazon.com/cli/latest/reference/organizations/deregister-delegated-administrator.html From my end, I understand this outcome is not the desired one but please note that this decision is out of my scope, leaving my hands tied looking to accomplish your request. Please remember that the Billing & Accounts team is a bridge of communication between our customers and other internal teams. Once again, my truest apologies. We value your feedback. Please share your experience by rating this correspondence using the AWS Support Center link at the end of this correspondence. Each correspondence can also be rated by selecting the stars in top right corner of each correspondence within the AWS Support Center. Best regards, XYZ Amazon Web Services I will appreciate your advice on what else I can do to solve this problem. Thanks a lot!
1
answers
1
votes
18
views
AWS-User-9344936
asked 3 months ago

Exam Revoked After PASSING - Bad Experience with PSI Online (AWS Solution Architect Associate Exam)

I want to report an extremely bad experience giving the AWS Solution Architect Associate (SAA-C02) exam on 01/22/2022. Apologies if this is not the right place to post this experience as I did not find any other forum to post exam-related experiences. I appeared for AWS Certified Solutions Architect - Associate (CONFIRMATION NUMBER: G81923108) on 01/22/2022. I was able to start the exam after 30 minutes of struggle in getting the PSI software loaded and working. I followed all the guidelines and requirements of the proctor and gave my full 130-minute attention to the exam. After completing the exam, I submitted the exam for the result and was very happy to see the screen "Grade: PASS. Congratulation! You have successfully passed the AWS Certified Solutions Architect .... Within 5 business days, you will receive an email stating your exam result ......" After that, I thought that the exam is now over, as I sat for another 30 seconds and did not see any notification from Proctor or any other dialog on the PASS result screen. I took the photo of the screen from my mobile to keep it for my records so that I don't lose my result and have proof. Right then I saw a screen stating your exam is terminated due to a violation of taking photos and within 10 seconds screen closed. I called PSI and explained the matter that I completed the exam and saw the result on the screen as "PASS". Only after that, I take the picture. They opened a ticket but says you need to contact AWS for resolution. This is a very frustrating situation as after 9 days, today 02/01, and I gave exam on 01/22, there is no update on the AWS certification page and also no update on the PSI website related to the result. It's not acceptable for AWS/PSI to make candidates suffer and lose belief in the certification process.
4
answers
0
votes
26
views
AWS-User-5010890
asked 3 months ago

AWS: s3 bucket policy does not give IAM user access to upload to bucket, throws 403 error

I have an **S3 bucket** that works perfectly with root credentials (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`) to upload files to the bucket. I have created an **IAM user**. I tried to give this **IAM user** the privilege of uploading files to this bucket by creating this **policy** and attaching it to that bucket: { "Version": "2012-10-17", "Statement": [ { "Sid": "Statement2", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::122xxxxxxxx28:user/iam-user-name" }, "Action": "s3:*", "Resource": "arn:aws:s3:::bucket-name" } ] } However, when I try to upload a file, I get this error: ``` > PUT > https://bucket-name.s3.region-code.amazonaws.com/images/60ded1353752602bf4b364ee.jpeg?Content-Type=image%2F%2A&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIARZARRPPIBMVEWKUW%2F20220128%2Feu-west-3%2Fs3%2Faws4_request&X-Amz-Date=20220128T123229Z&X-Amz-Expires=300&X-Amz-Signature=dfdc3d92f6e52da5387c113ddd793990d1033fdd7318b42b2573594835c01643&X-Amz-SignedHeaders=host%3Bx-amz-acl&x-amz-acl=public-read > 403 (Forbidden) ``` This is how the upload works: 1. I generate a presigned-url in the backend: ```js var getImageSignedUrl = async function (key) { return new Promise((resolve, reject) => { s3.getSignedUrl( "putObject", { Bucket: AWS_BUCKET_NAME, Key: key, ContentType: "image/*", ACL: "public-read", Expires: 300, }, (err, url) => { if (err) { reject(err); } else { resolve(url); } } ); }); }; ``` 2. Then the file is uploaded in the frontend using that url: ```js await axios.put(uploadConfig.url, file, { headers: { "Content-Type": file.type, "x-amz-acl": "public-read", }, transformRequest: (data, headers) => { delete headers.common["Authorization"]; return data; }, }); ```
1
answers
0
votes
8
views
AWS-User-9169178
asked 4 months ago
  • 1
  • 90 / page