The administrator of an AWS account has left the company. How do I access this AWS account?

Last updated: 2020-09-25

I need access to the root account, but I don’t have the credentials to sign in to the account because of one of the following reasons:

  • The AWS account root user is no longer the account administrator, and they aren't reachable.
  • I'm unable to reset the password due to an invalid email address.

Resolution

To access an account as a root user, you need the email address and password associated with the account. To access the account as an AWS Identity and Access Management (IAM) user, you need the user name and password for that IAM user.

If your multi-factor authentication (MFA) device is lost or broken, and you are unable to retrieve the MFA token, see How do I remove a lost or broken MFA device from my AWS account? 

The simplest way to get the credentials for the account is to ask the former administrator of the account. 

If that's not possible, try the following:

  • If the email address is associated with a corporate domain and you've either forgotten or misspelled the alias, it's a best practice that you contact your email administrator to discuss options that can help you gain access to the email address. Ask your email administrator if they can give you access to the email address, or pass along a password reset email for the account.
  • Consider setting up a catch-all account to help you retrieve emails sent to the email address, such as the password reset email from Amazon. A catch-all account is an email address that collects all emails addressed to your domain, including email addresses unknown to the server. A catch-all account is useful for catching and storing emails addressed to misspelled recipients in a domain. After setting up the catch-all account, you can click the password reset link in the email from Amazon, and then reset the root password for the AWS account. After resetting the root password, sign in to the Account Settings page, and then update the email address on the account.
    Note: The password reset email is sent from account-update@amazon.com if the account was created before August 28, 2017, or from password-reset-noreply@aws.amazon.com if the account was created after August 28, 2017.
  • If you have root access to the account, but don't know the password for a particular IAM user, sign in as the root user, and then change the password.
    Important: AWS Support can't change the root or IAM credentials on an account for any reason.