How Linkage Happens

Prior to May 2017: 

  1. If you created an AWS account with email address xyz123@cornell.edu, and there was no existing Amazon.com account for xyz123@cornell.edu, then functionally an Amazon.com account was also created for xyz123@cornell.edu, and those two accounts (AWS and Amazon.com) are linked.
  2. If you created an AWS account with email address xyz123@cornell.edu, and there already was an existing Amazon.com account for xyz123@cornell.edu, then the two accounts will be linked.

Checking Linkage

We can ask our AWS Technical Account Manager to check whether linkage exists for any of our AWS accounts under the Cornell master AWS Organization. Contact him directly.

Ramifications

If linkage exists:

  • If you were to change the root email address for the AWS account, it would also change the email address for the Amazon.com account.
  • If you were to change the email address for the Amazon.com account, it would also change the root email address for the AWS account.
  • AWS/Amazon cannot currently manually unlink or decouple these accounts.
  • If the Amazon.com account is closed, the AWS account will be closed. (Statement from AWS TAM.)
  • If the AWS account is closed, the Amazon.com account remains active. (Confirmed with AWS Support.)

Removing linkage:

  • To decouple the two accounts, a ticket must be placed with AWS Support:

    AWS Support Request

    "This account is currently linked to an Amazon Retail account and needs to be separated from that, please begin the decoupling process for this account"

  • Support will confirm once that has been completed on their end.
  • Next steps:
    1. Log in to the AWS account with root credentials and perform the password change process, creating a new AWS root password.
    2. Update the root account email address to a new email address for that account.

      If this is a Cornell-owned AWS account, contact the CIT Cloud Team to update the root email address.

    3. (If present) Remove existing IAM MFA authentication methods for the root account.
    4. Log out and back in with the new root email address and the newly created password from step 1.
      1. Doing this may trigger a security event that needs approval just once; approve it.
    5. Log out of the previously connected personal Amazon Retail account and log back in with the previous/existing retail credentials to confirm the accounts are now separated.