Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Update the Amazon Web Services email address
There are various business reasons why you might need to update the Amazon Web Services email address of
your Amazon Web Services account. For example, security and administrative resilience. This topic walks
you through the process of updating your Amazon Web Services email address for both
standalone and member accounts.
Changes to an Amazon Web Services account can take up to four hours to propagate everywhere.
You can update the Amazon Web Services email differently, depending on
whether or not the accounts are standalone, or part of an organization:
Update the Amazon Web Services email for a standalone
Amazon Web Services account
To edit the Amazon Web Services email address for a standalone Amazon Web Services account, perform the steps
in the following procedure.
- Amazon Web Services Management Console
-
You must sign in as the Amazon Web Services account root user, which requires no additional
IAM permissions. You can't perform these steps as an IAM user or
role.
Use your Amazon Web Services account's email address and password to sign in to
the Amazon Web Services Management Console as your Amazon Web Services account root user.
-
In the upper right corner of the console, choose your account name
or number and then choose Account.
-
On the Account page, next to
Account details, choose
Actions and then select Update
email address and password.
-
On the Account Details page, next to
Email address choose
Edit.
-
On the Edit Account Email page, fill out the
fields for New email address, Confirm
new email address, and confirm your current
Password. Then, choose Save and
continue. A verification code is sent to your new
email address from no-reply@verify.signin.aws.
-
On the Edit Account Email page, under
Verification code, enter the code you
received from your email, and then choose Confirm
updates.
It can take up to 5 minutes for the verification code to
arrive. If you don’t see the email in your inbox, check your
spam and junk folders.
- Amazon CLI & SDKs
This task isn't supported in the Amazon CLI or by an API operation from
one of the Amazon SDKs. You can perform this task only by using the Amazon Web Services Management Console.
Update the Amazon Web Services email for any
Amazon Web Services account in your organization
To edit the Amazon Web Services email address for any member account in your organization using
the Amazon Organizations console, perform the steps in the following procedure.
You can also update the Amazon Web Services email address for a member account directly from the
Account
page in the Amazon Web Services Management Console after signing in as the root user. For step-by-step
instructions, follow the steps provided in Update the Amazon Web Services email for a standalone
Amazon Web Services account.
- Amazon Management Console
-
-
To perform this procedure from the management account or a
delegated admin account in an organization against member
accounts, you must enable trusted access for the Account Management
service.
-
You can't use this procedure to access an account in a
different organization from the one you're using to call the
operation.
To update the Amazon Web Services email
address for a member account using the Amazon Organizations
console
-
Sign in as a user or role that has the required minimum
permissions of portal:ModifyAccount in the management
account that you want to close.
-
On the Amazon Web Services accounts page, choose the member
account for which you want to update the Amazon Web Services
email address.
-
In the Account details section, choose the
Actions button, and then choose
Update email address.
-
Under Email, enter the new email
address for the member account, and then choose
Save. This sends a one-time password (OTP)
to the new email address.
If you need to close this page in the Organizations console
while you wait for the code, you can return and finish the OTP
process within 24 hours from when the code was sent. To do this,
while on the Account details page, choose
the Actions button, and then choose
Complete email update.
-
Under Verification code, enter
the code that was sent to the new email address in the previous
step, and then choose Confirm. This commits the
update to the Amazon Web Services email address for the
account.
- Amazon CLI & SDKs
-
You can retrieve, or update the Amazon Web Services email
address by using the following Amazon CLI commands or their Amazon SDK equivalent
operations:
-
To perform these operations from the management account or a
delegated admin account in an organization against member
accounts, you must enable trusted access for the Account Management
service.
-
You can't access an account in a different organization from
the one you're using to call the operation.
For each operation, you must have the permission that maps to that
operation:
If you use these individual permissions, you can grant some users the
ability to only read the Amazon Web Services email
address information, and grant others the ability to both
read and write.
To complete the Amazon Web Services email address process, you must use the
primary email APIs together in the order they are shown in the examples
below.
Example GetPrimaryEmail
The following example retrieves the Amazon Web Services email
address from the specified member account in an
organization. The credentials used must be from either the
organization's management account, or from the Account Management's
delegated admin account.
$ aws account get-primary-email --account-id 123456789012
Example StartPrimaryEmailUpdate
The following example starts the Amazon Web Services email
address update process, identifies the new email address,
and sends a one-time password (OTP) to the new email address for the
specified member account in an organization. The credentials used must
be from either the organization's management account, or from the
Account Management's delegated admin account.
$ aws account start-primary-email-update --account-id 123456789012 --primary-email john@examplecorp.com
Example AcceptPrimaryEmailUpdate
The following example accepts the OTP code and sets the new email
address to the specified member account in an organization. The
credentials used must be from either the organization's management
account, or from the Account Management's delegated admin
account.
$ aws account accept-primary-email-update --account-id 123456789012 --otp 12345678 --primary-email john@examplecorp.com