I lost my phone associated with 2FA

0

Please, I have an AWS account used for homologation purposes / certification studies, not used for production loads.

I had configured multi-factor authentication on both IAM accounts (root user and another with administrative privileges), and the application linked to the phone number was disabled because it was lost/stolen.

The problem I have is: I can no longer access the account because I can't validate my multi-factor authentication, as I no longer have the cell phone. I filed a technical ticket with AWS support, and was sent a form to fill in with my account information, but it is required to be authenticated (I live in Brazil).

My question is: as it's a study account, I don't see any advantage in paying for a document authentication in order to recover the account. If I don't, I won't have access to it. Creating another account will cause the system to criticize that the credit card number and/or e-mail is already in use, as it will be associated with the account I no longer have access to. Is there any way I can ask AWS support to delete my account so that I can create a new one, using the e-mail address and credit card already provided?

If so, to which e-mail address should I send the request, along with the documents proving that I own this lost account?

2 Answers
1
Accepted Answer

If you still have access to the email that is registered as the root account and primary contact phone, you can go through the additional verification steps to sign in without MFA. If you don't, then completing the required form is the only option. AWS treats all accounts as equally confidential, regardless of whether an account is used for study by a student or for production by an enterprise. The same procedure has to be followed to prevent account fraud/takeover from happening.

AWS
EXPERT
answered 14 days ago
1

If you've lost the 2FA device you can still get access to the account, as you still have access to the primary email and phone number: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_lost-or-broken.html#root-mfa-lost-or-broken

This means that if you can't sign in with your MFA device, you can sign in by verifying your identity using the email and the primary contact phone number registered with your account.

Before you use alternative factors of authentication to sign in as a root user, you must be able to access the email and primary contact phone number that are associated with your account. If you need to update the primary contact phone number, you can sign in as an IAM user with Administrator access instead of the root user. For additional instructions on updating the account contact information, see Editing contact information in the AWS Billing User Guide. If you do not have access to an email and primary contact phone number, you must contact AWS Support.

As you have lost your phone, I guess this would mean getting a new SIM card from the same provider, and getting your mobile phone service provider to port the number to the new SIM card.

Also, and this is no use to you now but I hope it may help you (or others reading this) in future, with Google Authenticator you can have the same 2FA codes across multiple devices.

EXPERT
Steve_M
answered 14 days ago
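
The point above about having the same 2FA codes on multiple devices, as an added example that is not part of the original answer: assuming the authenticator app generates standard TOTP codes (RFC 6238, HMAC-SHA-1, 30-second step, 6 digits), every device enrolled with the same secret derives the same code. `SECRET` is the RFC 6238 test key rather than a real seed, and `totp` and `verify` are names chosen for this sketch.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
# A real seed is the value behind the QR code shown once at MFA enrollment.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Derive the code for the time step containing unix_time (RFC 6238 / RFC 4226)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // step)        # 8-byte big-endian step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, server_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Accept a code from the current step or `window` steps either side (clock drift)."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * step, step)
        if hmac.compare_digest(expected, submitted):      # constant-time comparison
            return True
    return False


if __name__ == "__main__":
    # Two devices enrolled with the same seed, clocks a few seconds apart
    # but inside the same 30-second step: the codes are identical.
    phone = totp(SECRET, 1111111100)
    tablet = totp(SECRET, 1111111109)
    print("phone :", phone)
    print("tablet:", tablet)
    # The verifier's clock is already in the next step; the default window
    # still accepts the code, a zero window does not.
    print("accepted with drift window:", verify(SECRET, tablet, 1111111111))
    print("accepted with window=0    :", verify(SECRET, tablet, 1111111111, window=0))
```

Nothing in the derivation identifies the device, only the seed and the clock, so a second enrolled device (or the seed stored offline at enrollment) keeps working after the first one is lost.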
