I'm in a tough spot with my AWS root account and really need some advice from anyone who's been in a similar situation. Here's my dilemma: I've lost access to my root MFA device, and during registration, I accidentally entered the wrong phone number—just swapped two digits. I do still have access to the root email address and all billing emails or invoices though. The problem is, I have no IAM users; everything was running through the root account. On top of that, my EC2 servers were set to allow SSH connections only from my home static IP, which recently changed due to my ISP switching, so now I can't access my machines at all. AWS Support has told me they can't remove the MFA after their security review, and they directed me to their self-service recovery options, but I can't use those without another admin user or the correct phone number. Right now, I'm completely locked out of managing my resources, even though they're all still running. I'm ready to provide any proof they need—like invoices, card details, ID, or bank statements—but I feel stuck since support keeps sending the same template responses. Has anyone successfully recovered a root account under similar circumstances? I'd appreciate tips on how to escalate this, any keywords I should use in support tickets, or if I should consider calling AWS billing or security directly. I'm located in the UK. Thanks for any insights!
3 Answers
Hey, sorry to hear about the trouble you're having! Have you tried reaching out through the MFA contact form? That’s usually the best way to get in touch with the right team, and they can help you with MFA recovery. Just include any case ID when you contact them for a quicker response. Good luck!
Make sure you use your email address linked to your AWS account if you’re trying to recover. That could help trigger some options for you.
What actually happened with your root MFA device?
The account was set up back in 2017, and the MFA was on my old phone, which I gave to my mom after factory-resetting it. I didn't have to log in again until now since everything was configured, and I mainly accessed it via SSH. Then, my ISP recently switched my static IP, so I lost SSH access too, and when I went to reset the MFA, I realized I entered the wrong phone number during setup. Total bummer!
Thanks, Rick. I’ve sent you a DM with my case ID!