When we onboard existing AWS accounts into the main Cornell AWS Organization, we need administrator-level access to the account in order to implement our Standard AWS Account Configurations. These instructions show how to accomplish that.


Option 1 - (Preferred) Provide root user credentials

The root user of your AWS account is the main email address you used when you created the account.

  1. Log in to the AWS web console for your AWS account using the root user (i.e., root email address and associated password). This confirms that those credentials are still valid.

  2. If you had to use MFA when you logged in, then you need to remove MFA for that root user so that Cloud Team folks can use the root credentials without having the MFA key.
    1. If MFA is set for the root user, follow the instructions labeled "To deactivate the MFA device for your AWS account root user (console)" on this page https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_disable.html

  3. You have two options to send the root user credentials to the Cloud Team:
    1. Via Cornell Dropbox:
      1. Create a plain text file containing the root email address and password.
      2. Log in to https://dropbox.cornell.edu/ and send the file to the Cloud Team staff person you are working with. If unsure, send it to pea1@cornell.edu. Instructions for using Cornell Dropbox are here: https://it.cornell.edu/tags/cornell-dropbox
    2. Via LastPass:
      1. Create a LastPass folder and share it with the Cloud Team staff person you are working with. If unsure, share it with pea1@cornell.edu.
      2. Add the LastPass record (site or note) containing the root credentials for the AWS account into the shared folder.

Option 2 - Create a new IAM user

With this option, you create a new AWS IAM user and send its credentials to the Cloud Team to give them access to your account.

  1. Log in to the AWS web console for your AWS account.

  2. Use these instructions to create a new user: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console
    1. Use "cloudteam" as the username.
    2. Be sure to allow "AWS Management Console access".
    3. Choose "Attach existing policies to user directly" and attach "AdministratorAccess" to the new user.
    4. Be sure to save the password set for the new user.

  3. You have two options to send the IAM user credentials to the Cloud Team:
    1. Via Cornell Dropbox:
      1. Create a plain text file containing the IAM user name and password.
      2. Log in to https://dropbox.cornell.edu/ and send the file to the Cloud Team staff person you are working with. If unsure, send it to pea1@cornell.edu. Instructions for using Cornell Dropbox are here: https://it.cornell.edu/tags/cornell-dropbox
    2. Via LastPass:
      1. Create a LastPass folder and share it with the Cloud Team staff person you are working with. If unsure, share it with pea1@cornell.edu.
      2. Add the LastPass record (site or note) containing the IAM user credentials for the AWS account into the shared folder.
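
The console steps in Option 2 (step 2) can also be performed with the AWS CLI. The script below is an added example, not part of the original instructions; the function names, the `DRY_RUN` switch and the password generator are assumptions made for illustration, and by default it only prints the commands instead of running them.

```shell
#!/usr/bin/env bash
# Added example: AWS CLI equivalent of the console steps in Option 2, step 2.
# DRY_RUN=1 (the default) only prints the commands; set DRY_RUN=0 to run them.
USER_NAME="cloudteam"                                      # username from step 2.1
POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"   # AWS managed policy from step 2.3

# Run an aws CLI command, or print it when DRY_RUN is on (hypothetical helper).
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "aws $*"
  else
    aws "$@"
  fi
}

# 24-character random password: 18 random bytes, base64-encoded.
# Assumption: this satisfies the IAM password policy set on your account.
gen_password() {
  head -c 18 /dev/urandom | base64
}

# Steps 2.1 to 2.3: create the user, enable console access, attach the policy.
create_cloudteam_user() {
  local pw="$1"
  run iam create-user --user-name "$USER_NAME" &&
  # A login profile is what gives an IAM user AWS Management Console access.
  run iam create-login-profile --user-name "$USER_NAME" \
      --password "$pw" --no-password-reset-required &&
  # Attach the managed policy directly to the user.
  run iam attach-user-policy --user-name "$USER_NAME" --policy-arn "$POLICY_ARN"
}

# Confirm which managed policies are attached before sending the credentials.
verify_cloudteam_user() {
  run iam list-attached-user-policies --user-name "$USER_NAME" \
      --query 'AttachedPolicies[].PolicyName' --output text
}
```

To use it, save the output of `gen_password` (step 2.4), pass it to `create_cloudteam_user` with `DRY_RUN=0`, then run `verify_cloudteam_user` and check that it lists `AdministratorAccess`.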