How do I gain access as an AWS account root user to the account created by Account Factory or Account Vending Machine in AWS Control Tower?

2 minuti di lettura

I want to gain access as an AWS account root user to my AWS account that was created by Account Factory or Account Vending Machine in AWS Control Tower.


  1. Sign out from any existing AWS accounts in your browser, if any.
  2. Open the AWS sign-in page.
    Note: If you don't have the email address of the AWS account that you want to access, you can get it from the AWS Control Tower console. Open the Control Tower console for the management account, choose Accounts, and then look for the email address.
  3. For Root user email address, enter the email address of the AWS account that you want to access, and then choose Next.
  4. Choose Forgot your password? to have password reset instructions sent to the AWS account root user email address.
  5. Open the password reset email message from the root user mailbox, and then follow the instructions to reset your password.
  6. Open the AWS sign-in page, and then sign in as Root user with your new password.

Related information

Tasks that require root user credentials

Enable MFA on the AWS account root user

Editing contact information

Unmanaging a Member Account

AWS UFFICIALEAggiornata 3 anni fa
2 commenti

Accounts created by Account Factory do not have MFA enabled (root). Let's say that I want to enable Detect whether MFA for root user is enabled control for a specific OU within AWS Control Tower. Then all the accounts created by Account Factory will result to be non compliant. Is it a best practice to gain access to root accounts by resetting password and enable MFA? Or Should I ignore the warning? Isn't a best practice to have MFA enabled on Root accounts?

risposta 3 giorni fa

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
risposta 3 giorni fa