[英]Transferring AWS Root Account access when MFA is enabled
I have been managing an AWS account for about a year. 我已经管理了大约一年的AWS账户。 Typical " best practices " security setup: 典型的“ 最佳做法 ”安全设置:
I would like to now transfer "ownership" of this entire AWS account (Root account & all) to someone else. 我现在想将整个AWS账户(根账户及所有)的“所有权”转让给其他人。 While I can certainly give them the username + password to login as Root, they will need MFA setup as well. 虽然我可以为他们提供用户名+密码以Root身份登录,但他们也需要MFA设置。
The only way I can think of handling this is to: 我认为处理此问题的唯一方法是:
Does the AWS web console provide any better solutions? AWS Web控制台是否提供任何更好的解决方案? I'm not even sure if its possible to disable MFA on an account (let alone Root) once its set... 我什至不确定是否有可能在设置了帐户后禁用MFA(更不用说Root)了...
Thanks in advance! 提前致谢!
To deactivate the MFA device for your AWS account root user (console) 为您的AWS账户root用户停用MFA设备(控制台)
Use your AWS account root user credentials to sign in to the AWS Management Console. 使用您的AWS账户root用户凭证登录到AWS管理控制台。
Important 重要
To manage MFA devices for the AWS account, you must sign in to AWS with your AWS account root user credentials. 要为AWS账户管理MFA设备,您必须使用您的AWS账户根用户凭证登录到AWS。 You cannot manage MFA devices for the root user with other credentials. 您不能使用其他凭据来为root用户管理MFA设备。
On the navigation bar, choose your account name, and then choose My Security Credentials. 在导航栏上,选择您的帐户名,然后选择“我的安全证书”。 If a prompt appears, choose Continue to Security Credentials. 如果出现提示,请选择“继续使用安全凭证”。
 
Expand the Multi-Factor Authentication (MFA) section. 展开“多重身份验证(MFA)”部分。
In the row for the MFA device that you want to deactivate, choose Deactivate. 在要停用的MFA设备的行中,选择“停用”。
The MFA device is deactivated for the AWS account 已为AWS账户停用MFA设备
You asked three questions.Let us look on by one 您问了三个问题,让我们一个看一下
1.Disable MFA on the Root account 1.禁用Root帐户的MFA
To deactivate the MFA device for your AWS account root user (console) follow these steps 要为您的AWS账户root用户(控制台)停用MFA设备,请执行以下步骤
My Security Credentials
在导航窗格的右上角,您可以看到“ My Security Credentials
2.Give them the logins for the Root account 2.给他们根帐户的登录信息
For this you follow this AWS documentation which clearly shows How do I transfer my account to another person or business? 为此,请遵循此AWS文档,该文档清楚地显示了如何将我的账户转移给其他人或企业? .For this there is no need of Technical support package, your Basic Support package is enough. 为此,不需要技术支持包,您的基本支持包就足够了。
3.Trust that they will re-enable MFA as soon as possible 3.相信他们会尽快重新启用MFA
For this you have to ask them whoever you are transferring the account to enable the MFA. 为此,无论您要转移谁来启用MFA,您都必须询问他们。 You can also teach them the need of MFA and it's security needs. 您也可以教他们MFA的需求及其安全需求。
As mentioned, it's possible to remove an MFA from an account once it's been added. 如前所述,可以在添加帐户后从帐户中删除MFA。 You also have two options for transferring the root account with MFA enabled: 对于启用了 MFA的根帐户,您还有两个选择:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.