Teri Radichel

Summary

The content discusses the limitations of renaming an AWS account and changing its primary email when using AWS Organizations, even as the root user, and the necessity of enabling trusted access for such modifications.

Abstract

The author of the content is experiencing difficulty renaming an AWS account and changing the primary email while logged in as the root user within AWS Organizations. Despite expectations that the root user should have full control, the AWS console restricts these actions without trusted access enabled. The author references a blog post suggesting that account name changes can be made from the account settings, but this does not align with the limitations observed in the AWS console. The author plans to experiment with trusted access and will update the blog with findings. The content also includes a call to action for support through subscriptions, claps for stories, and engagement via social media and professional networks.

Opinions

  • The author expresses confusion and a sense of contradiction regarding the limitations of the root user's capabilities in AWS Organizations.
  • There is a suggestion that the root account, being the owner and payer, should inherently have full control over all accounts within the organization.
  • The author implies that the current AWS console permissions, which only allow alternate contacts to be changed with delegated access, are insufficient and not aligned with the expectations of a root user.
  • The author intends to explore trusted access as a potential solution to the problem and is committed to sharing the results with the community.
  • The author values community engagement and support, encouraging readers to subscribe, clap for stories, and connect through various platforms.

Can’t Rename Account in AWS Organizations

Seems like you should be able to do anything if logged in as the root user??

Not sure if I am doing something wrong but I’m logged in as root and I can’t rename an account from the actions list.

So I found this blog post that says you can change the name from the account settings:

But trusted access is not enabled in my case.

This is confusing. It also seems like if you are logged in as the root user in an AWS account this should be allowed.

Going to try out trusted access and write about it on the main blog.

Thinking about this as writing my blog post — perhaps the thinking is that the root should not have access unless granted permission by the account owner — however, if the root account owns and is paying for the account, then it seems like it should have full control of any accounts in the organization.

Update: Nope. Can’t change the primary email or the account name with delegated access — only the alternate contacts — as far as I can tell from the AWS console. That aligns with the APIs available in the documentation.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2023


About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
Author: Cybersecurity for Executives in the Age of Cloud
Presentations: Presentations by Teri Radichel
Recognition: SANS Difference Makers Award, AWS Security Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Software Engineering, Master of Infosec
Company: Penetration Tests, Assessments, Training ~ 2nd Sight Lab

