This article provides details on the activities that require root-level access to any payer or standalone AWS account.


Tasks that require root user credentials

AWS recommends that you use an IAM user with appropriate permissions to perform tasks and access AWS resources. However, you can perform the tasks listed below only when you sign in as the root user of an account.


  • Change your account settings. This includes the account name, email address, root user password, and root user access keys. Other account settings, such as contact information, payment currency preference, and Regions, do not require root user credentials.

  • Restore IAM user permissions. If the only IAM user with administrator permissions accidentally revokes their own permissions, you can sign in as the root user to edit policies and restore those permissions.

  • Activate IAM access to the Billing and Cost Management console.

  • View certain tax invoices. An IAM user with the aws-portal:ViewBilling permission can view and download VAT invoices from AWS Europe, but not AWS Inc or Amazon Internet Services Pvt. Ltd (AISPL).

  • Close your AWS account.

  • Change your AWS Support plan or cancel your AWS Support plan. For more information, see IAM for AWS Support.

  • Register as a seller in the Reserved Instance Marketplace.

  • Configure MFA delete for your S3 bucket.

  • Edit or delete an Amazon S3 bucket policy that includes an invalid VPC ID or VPC endpoint ID.

  • (Not applicable to Distribution Channel Program) Sign up for GovCloud*.



*Please open a ticket for requests related to creating the GovCloud regional account.


Troubleshooting

If you can't complete any of these tasks with your root user credentials, your account might be a member of an organization in AWS Organizations. If your organizational administrator used a service control policy (SCP) to limit the permissions of your account, your root user permissions might be affected. For more information, see Service control policies in the AWS Organizations User Guide.
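To see whether an SCP is what blocks a root-only task, you can check the policy's Deny statements against the root user's ARN. The sketch below is an added example, not part of the original article or AWS tooling; `SAMPLE_SCP`, the function names and the account ID `111122223333` are constructed placeholders, and evaluation is simplified to `Action` and `aws:PrincipalArn` conditions.

```python
import fnmatch

# Constructed sample SCP (not from the article).
SAMPLE_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyS3ForRoot", "Effect": "Deny", "Action": "s3:*", "Resource": "*",
         "Condition": {"StringLike": {"aws:PrincipalArn": ["arn:aws:iam::*:root"]}}},
        {"Sid": "DenyLeaveOrg", "Effect": "Deny", "Resource": "*",
         "Action": ["organizations:LeaveOrganization"]},
        {"Sid": "DenyEc2ForAdmins", "Effect": "Deny", "Action": "ec2:*", "Resource": "*",
         "Condition": {"ArnLike": {"aws:PrincipalArn": "arn:aws:iam::*:role/Admin*"}}},
    ],
}
WILDCARD_OPS = {"StringLike", "ArnLike", "ArnEquals"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold=False):
    # IAM wildcards are * and ?; action names compare case-insensitively.
    if fold:
        value, patterns = value.lower(), [p.lower() for p in _as_list(patterns)]
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def _root_satisfies(op, key, patterns, root_arn):
    """True/False when decidable for the root ARN, None when not evaluated here."""
    if key.lower() != "aws:principalarn":
        return None
    if op == "StringEquals":
        return root_arn in _as_list(patterns)
    return _matches(patterns, root_arn) if op in WILDCARD_OPS else None

def root_denies(scp, action, account_id):
    """(Sid, verdict) per Deny statement reaching root; Resource/NotAction ignored."""
    root_arn = f"arn:aws:iam::{account_id}:root"
    hits = []
    for stmt in _as_list(scp["Statement"]):
        if stmt.get("Effect") != "Deny" or not _matches(
                stmt.get("Action", []), action, fold=True):
            continue
        results = [_root_satisfies(op, key, pats, root_arn)
                   for op, keys in stmt.get("Condition", {}).items()
                   for key, pats in keys.items()]
        if False in results:
            continue  # a condition excludes the root user
        hits.append((stmt.get("Sid", "<no Sid>"),
                     "unknown" if None in results else "applies"))
    return hits
```

For instance, `root_denies(SAMPLE_SCP, "s3:PutBucketVersioning", "111122223333")` checks the API call used to configure MFA delete; a verdict of `unknown` means the statement carries a condition this sketch does not evaluate and needs manual review.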



Account Recovery

  • The administrator of an AWS account has left the company. How do I access this AWS account? - LINK
  • How do I remove a lost or broken MFA device from my AWS account? - LINK