I made a rookie mistake while learning AWS. Instead of just adding an IAM user for my secondary email, I ended up creating a whole new account through AWS Organizations without realizing it. Now I'm in a frustrating situation:
- I can't log into this new member account because no root password was set when I created it.
- Attempting to reset the password leads to a message saying that password recovery is disabled.
- I can't remove the account from my organization since it's apparently missing necessary prerequisites to operate as a standalone account, like billing information.
- I can't even add billing info because I can't access this account.
I've tried all the recommended solutions, including password resets and accessing the member account to leave the organization, but nothing works. Is my only option to reach out to AWS Support, and is it okay if I've closed the account from my management account? I just want to avoid a long wait if there's a simpler way.
3 Answers
You can access the member account by assuming a role, usually the "OrganizationAccountAccessRole". I feel you on the mix-up—it can be confusing at first! Just take some time to brush up on how AWS Organizations work; they can really help with isolating billing later on.
Thanks for the tips! I want to make sure I do it right next time.
If you've closed the account, you're good to go. It will drop off in 90 days. Just a heads up, it's generally better to avoid IAM users. Instead, use IAM Identity Center for human logins, as it makes managing multiple AWS accounts a breeze.
Totally get that! I used to think of accounts as just accounts, but now I see them as environments. Makes things clearer!
Here's a link that might help you out with AWS account closure procedures: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html.
I actually closed it already and reached out to support because I'm a bit concerned.
I don't see the switch role option in my dropdown. I tried creating a role in my management account to access the member account, but it didn’t work when I tried to switch.