Updating the Amazon Web Services email address for a member account with Amazon Organizations
For increased security and administrative resilience, IAM principals in the management account that have the necessary IAM permissions can centrally update an Amazon Web Services email address (also referred to as the primary email address) for any of their member accounts without having to sign in to each account individually. This gives administrators in the management account (or in a delegated administrator account) more control over their member accounts. It also ensures that the Amazon Web Services email addresses of member accounts across your Amazon Organizations can be kept up to date, even if you have lost access to the original Amazon Web Services email address or administrative credentials.
When the Amazon Web Services email address is changed centrally by a management account administrator, both the password and MFA configuration will remain the same as they were before the change. Note that MFA can be bypassed by a user with control of an account’s Amazon Web Services email address and primary contact phone number.
To update the Amazon Web Services email address of a member account in your organization, your organization must have previously enabled all features mode. Organizations in consolidated billing mode and accounts that are not part of an organization cannot update their Amazon Web Services email address centrally. Users who want to change the Amazon Web Services email address for accounts that are unsupported by the API should continue to use the Billing Console to manage their Amazon Web Services email address.
For step-by-step instructions on how to update your member account's Amazon Web Services email address, see Update the Amazon Web Services email for any Amazon Web Services account in your organization in the Amazon Account Management Reference Guide.
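Because control of an account's email address contributes to the MFA bypass noted above, central email changes are worth reviewing in CloudTrail. The following is an added example, not code from the AWS documentation: it labels each `StartPrimaryEmailUpdate` or `AcceptPrimaryEmailUpdate` call by caller. The event source value, the `accountId` request field, the role names and the account IDs are assumptions or constructed sample values.

```python
# Account Management API operations that change a member account's primary email.
EMAIL_UPDATE_EVENTS = {"StartPrimaryEmailUpdate", "AcceptPrimaryEmailUpdate"}
EVENT_SOURCE = "account.amazonaws.com"  # assumption: source recorded for these calls

def caller_arn(record):
    """Role ARN for assumed-role sessions, otherwise the identity's own ARN."""
    ident = record.get("userIdentity") or {}
    issuer = (ident.get("sessionContext") or {}).get("sessionIssuer") or {}
    return issuer.get("arn") or ident.get("arn") or "unknown"

def review_email_updates(records, approved_principals):
    """Label each primary-email update call: expected, denied, or unapproved."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != EVENT_SOURCE or rec.get("eventName") not in EMAIL_UPDATE_EVENTS:
            continue
        principal = caller_arn(rec)
        if rec.get("errorCode"):
            verdict = "denied"        # failed attempt; review who tried and why
        elif principal in approved_principals:
            verdict = "expected"
        else:
            verdict = "unapproved"    # call succeeded outside the approved set
        params = rec.get("requestParameters") or {}  # "accountId" is an assumed field name
        findings.append({"time": rec.get("eventTime"), "event": rec["eventName"], "principal": principal,
                         "target": params.get("accountId", "unknown"), "verdict": verdict})
    return findings

def _sample(time, name, arn, target, issuer=None, error=None):
    """Build one constructed CloudTrail-style record (not real log data)."""
    ident = {"arn": arn}
    if issuer:
        ident["sessionContext"] = {"sessionIssuer": {"arn": issuer}}
    rec = {"eventTime": time, "eventSource": EVENT_SOURCE, "eventName": name,
           "userIdentity": ident, "requestParameters": {"accountId": target}}
    if error:
        rec["errorCode"] = error
    return rec

IAM, STS = "arn:aws:iam::111111111111:", "arn:aws:sts::111111111111:assumed-role/"
APPROVED = {IAM + "role/AccountAdmin"}  # hypothetical approved role
SAMPLE = [
    _sample("2024-05-01T10:00:00Z", "StartPrimaryEmailUpdate", STS + "AccountAdmin/alice", "222222222222", IAM + "role/AccountAdmin"),
    _sample("2024-05-01T10:05:00Z", "AcceptPrimaryEmailUpdate", STS + "DevOps/bob", "333333333333", IAM + "role/DevOps"),
    _sample("2024-05-01T10:09:00Z", "StartPrimaryEmailUpdate", IAM + "user/carol", "333333333333", error="AccessDenied"),
    _sample("2024-05-01T10:12:00Z", "GetPrimaryEmail", IAM + "user/carol", "333333333333"),  # read-only, ignored
]
if __name__ == "__main__":
    print(*review_email_updates(SAMPLE, APPROVED), sep="\n")
```

An `unapproved` or `denied` finding is a prompt to confirm the change with the account owner and to check whether the account's primary contact phone number changed in the same period.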