Access AWS Account Root User Credential

To increase security of your accounts, Stax blocks actions by the root user credentials.

Article Tags
On This Page
Before You BeginRequesting a Temporary Lifting of RestrictionsWhat Happens Next?See also

When taking actions in your Stax-managed AWS accounts with root user credentials, you may find that the AWS Console or API does not return information or permit you to perform certain tasks. This is due to a policy Stax implements to prevent the root user credentials from taking any actions in Stax-managed AWS accounts, thereby improving the security of the accounts.

There are some actions that only the root user credentials can perform. These can be reviewed within the AWS General Reference. In the event that you need to perform any of these tasks, you must request that Stax temporarily lifts these restrictions.

Before You Begin

  • Ensure you are a member of the Admin role in your Stax tenancy
  • Ensure you are the owner of the account in question per your Stax tenancy's Account Ownership Model

Requesting a Temporary Lifting of Restrictions

Stax can lift the root user credential restrictions for between one and four hours. To authorize this, perform the following steps:

  1. Determine the AWS Account IDs for the accounts you need the limitation removed in. You can retrieve these on the Accounts page in Stax
  2. Determine the time period you need the restrictions lifted for, and if appropriate, the time at which you'd like the restrictions to be lifted. You'll need to provide a number of hours, from a minimum of one hour, to a maximum of four hours
  3. Raise a support case requesting that the restrictions be temporarily lifted

Below is an example of a support case that will allow our engineers to resolve your issue quickly:

Support Case FieldExample Content
TypeAccount and Billing
CategoryAWS Account
Severity(As appropriate)
SubjectTemporarily remove root user credential restrictions for AWS Account ID: account ID
Please unblock the AWS Root User Policy for a period of 4 hours for AWS Account ID(s): 123456789012, 123456789013.
(Optional) I would like the limitations to be lifted commencing at Start time UTC.

Replace bolded items in the Subject and Description fields above with the appropriate values for your scenario. Remember to convert to UTC time to account for time zones.

What Happens Next?

The Stax team will notify you when the limitations have been raised and you can perform root user credential actions as required. When the time period expires, the restrictions will automatically be restored.

The time period cannot be extended once it has commenced. If you need more time to perform your actions, you'll need to request a new time period using the process on this page.

See also