I recently transferred my domain to Route 53 and forgot to update the MX records for my Google Workspace email. This has locked me out of my AWS root account because the verification codes are sent to that domain, which I can't access anymore. I still have access to the AWS CLI through a limited IAM user, but it doesn't have the necessary permissions to make changes to Route 53. I've already submitted a recovery request with AWS to help me set up the MX records. Does anyone have a similar experience? How long did it take for AWS Support to get back to you?
5 Answers
A crucial lesson is to avoid having a dependency between your AWS Root user and the domain registered under the same account. It can cause major issues like this one.
I totally understand your frustration. AWS Support handles cases based on order received, so response times can vary widely. While you're waiting, check out the troubleshooting guide here: http://go.aws/lost-broken-mfa. If you provide your case ID, we can try to ensure it's prioritized.
Unfortunately, I can only use my email for MFA, which is currently down due to the MX record issue.
The main takeaway here is to avoid relying on root or IAM users. It's better to use IAM Identity Center or AWS SSO for user access. If you need to use IAM users, at least limit their role to avoid complications in situations like this.
Unless your SSO fails, in which case it’s risky. Keep root access secure!
Thanks for the advice!
Just wanted to share an update: I contacted support through a personal AWS account. They recommended switching to Technical Support, since Account/Billing Support has limitations based on the logged-in account.
I received a call regarding my case - it’s now with the domain department for further assistance.
True! I only use my root account for specific tasks like billing, and for everything else, I've set up dedicated IAM users for safety.
I attempted to send a message but got an error. Is it okay to post my case ID here?
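The dependency the answers above warn about (root-account email on a domain whose DNS lives in the same account) can be checked before it causes a lockout. The following is an added example, not code from any poster in this thread; the function names, zone ID and record values are constructed, and the input dictionaries are assumed to follow the shape of boto3's Route 53 `list_hosted_zones` and `list_resource_record_sets` responses.

```python
# Added example with constructed data. The root email is supplied by the
# operator; the zone and record dictionaries mimic boto3 Route 53 responses.

def zone_for(domain, hosted_zones):
    """Return the most specific hosted zone covering `domain`, or None."""
    d = domain.lower().rstrip(".") + "."
    matches = [z for z in hosted_zones
               if d == z["Name"].lower() or d.endswith("." + z["Name"].lower())]
    return max(matches, key=lambda z: len(z["Name"]), default=None)

def audit_root_email(root_email, hosted_zones, records_by_zone):
    """Report whether root-account mail depends on DNS hosted in this account.

    circular   -> the email domain is served by one of the account's own zones
    mx_present -> that zone has an MX record set at the email domain
                  (None when the domain is hosted elsewhere)
    """
    domain = root_email.rsplit("@", 1)[1].lower()
    zone = zone_for(domain, hosted_zones)
    if zone is None:
        return {"domain": domain, "circular": False, "mx_present": None}
    wanted = domain.rstrip(".") + "."
    mx = [r for r in records_by_zone.get(zone["Id"], [])
          if r["Type"] == "MX"
          and r["Name"].lower() == wanted
          and r.get("ResourceRecords")]
    return {"domain": domain, "circular": True, "mx_present": bool(mx)}

# Constructed sample: a freshly transferred zone holding only NS and SOA records.
ZONES = [{"Id": "/hostedzone/ZEXAMPLE1", "Name": "example.com."}]
RECORDS = {
    "/hostedzone/ZEXAMPLE1": [
        {"Name": "example.com.", "Type": "NS", "TTL": 172800,
         "ResourceRecords": [{"Value": "ns-1.example.net."}]},
        {"Name": "example.com.", "Type": "SOA", "TTL": 900,
         "ResourceRecords": [{"Value": "ns-1.example.net. admin.example.net. 1 7200 900 1209600 86400"}]},
    ]
}

if __name__ == "__main__":
    result = audit_root_email("owner@example.com", ZONES, RECORDS)
    if result["circular"] and not result["mx_present"]:
        print(f"{result['domain']}: hosted in this account and has no MX record")
    elif result["circular"]:
        print(f"{result['domain']}: mail works, but recovery still depends on this account")
    else:
        print(f"{result['domain']}: DNS is hosted outside this account")
```

Running this check after a domain transfer, and before signing out of the root account, would flag the missing MX record while it can still be fixed.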