- Newest
- Most votes
- Most comments
If you still have access to the email that is registered as the root account and primary contact phone, you can go through the additional verification steps to sign in without MFA. If you don't, then completing the required form is the only option. AWS is treating all accounts equally confidential regardless it is used for study by a student or for production by an enterprise. The same procedure has to be followed to prevent account fraud\takeover from happening.
If you've lost the 2FA device you can still get access to the account, as you you still have access to the primary email and phone number https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_lost-or-broken.html#root-mfa-lost-or-broken
This means that if you can't sign in with your MFA device, you can sign in by verifying your identity using the email and the primary contact phone number registered with your account.
Before you use alternative factors of authentication to sign in as a root user, you must be able to access the email and primary contact phone number that are associated with your account. If you need to update the primary contact phone number, you can sign in as an IAM user with Administrator access instead of the root user. For additional instructions on updating the account contact information, see Editing contact information in the AWS Billing User Guide. If you do not have access to an email and primary contact phone number, you must contact AWS Support.
As you have lost your phone, I guess this would mean getting a new SIM card from the same provider, and getting your mobile phone service provider to port the number to the new SIM card.
Also, and this is no use to you now but I hope it may help you (or others reading this) in future, with Google Authenticator you can have the same 2FA codes across multiple devices.
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago