Access AWS Account Root User Credential

To increase security of your accounts, Stax blocks actions by the root user credentials.

Article Tags
On This Page
Before You BeginRequesting a Temporary Lifting of RestrictionsWhat Happens Next?See also

When taking actions in your AWS Application Accounts with root user credentials, you may find that the AWS Console or API does not return information or permit you to perform certain tasks. This is due to a policy Stax implements to prevent the root user credentials from taking any actions in AWS Application Accounts, thereby improving the security of the accounts.

There are some actions that only the root user credentials can perform. These can be reviewed by visiting the AWS General Reference.

In the event that you need to perform any of these tasks, you must request that Stax temporarily lifts these restrictions.

Before You Begin

  • This procedure applies only Stax tenancies with an account ownership model permitting you to log in with root user credentials. If your account ownership model differs from this, you'll need to raise a support case requesting that Stax perform these actions on your behalf
  • You'll need assistance from someone who is an admin in your Stax tenancy

Requesting a Temporary Lifting of Restrictions

Stax can lift the root user credential restrictions for between one and four hours. To authorise this, perform the following steps:

  1. Determine the AWS Account IDs for the accounts you need the limitation removed in. You can retrieve these on the Accounts page in Stax
  2. Determine the time period you need the restrictions lifted for, and if appropriate, the time at which you'd like the restrictions to be lifted. You'll need to provide a number of hours, from a minimum of one hour, to a maximum of four hours
  3. Have someone who is a member of the Admin role in your Stax tenancy raise a support case requesting that the restrictions be temporarily lifted

Below is an example of a support case that will allow our engineers to resolve your issue quickly:

Support Case FieldExample Content
TypeAccount and Billing
CategoryAWS Account
Severity(As appropriate)
SubjectTemporarily remove root user credential restrictions for AWS Account ID: account ID
DescriptionHi,
Please unblock the AWS Root User Policy for a period of 4 hours for AWS Account ID(s): 123456789012, 123456789013.
(Optional) I would like the limitations to be lifted commencing at Start time UTC.

Replace bolded items in the Subject and Description fields above with the appropriate values for your scenario. Remember to convert to UTC time to account for time zones.

What Happens Next?

The Stax team will notify you when the limitations have been raised and you can perform root user credential actions as required. When the time period expires, the restrictions will automatically be restored.

The time period cannot be extended once it has commenced. If you need more time to perform your actions, you'll need to request a new time period using the process on this page.

See also