AWS account vs Amazon consumer account

Question

I am a longtime Amazon.com customer, and now I am interested in using Amazon Web Services (AWS). So I have a question on creating an AWS account.

1. Do I have an option to create an AWS account that's completely separate from my Amazon.com account (with different email addresses)?

2. What would happen if I use the same email address for AWS and Amazon.com?

Answer 1

These are both great questions

First,

Yes, you can and SHOULD create an aws root account email that is unique for your AWS account(s). While approaches may vary, and your email server may filter out what would otherwise be perfectly applicable emails, here is how I do it

I create an email account that is ONLY for my AWS root accounts. AWS Requires EVERY AWS account to have a unique email

here is my pattern: [email protected]

I have an admin (Organization) account, so I use the following email: [email protected]

I have one prod, one test and one dev account. Here are the following email patterns:

[email protected]; [email protected]; [email protected].

I've also used the pattern: [email protected] where 123456789012 represents the AWS Account number.

These are all interpreted as unique by AWS but route to the same email account: [email protected]

One last comment. I have another client who uses MS Exchange and for some reason the [email protected] has the 'extension' portion filtered out, and these emails do NOT process. In this biz we worked around this by creating alias' emails that are still unique to AWS and aliased them in the exchange server to the awsadmin@ email. does the job. probably not best practice, but in a pinch...

Second

Yes. You can link your AWS and amazon.com accounts to the same root user email.
DON'T DO IT

This is generally an anti-pattern. NOT best practice, and fraught with problems...

I know of no good reason to do this. Once done, it is nigh near impossible to convince AWS - AMAZON to unlink these accounts. You WONT be able to separate them yourself - they are strongly coupled once the link is made. you might succeed in separating your AWS and AMAZON account if you are a paying customer of AWS business or Enterprise level support, and even then, they may tell you to just delete the AWS account if you don't want AWS and amazon shared.

Answer 2

My Amazon Retail account was compromised last week. I closed it and guess what - no access to my Amazon AWS account. On querying this I was told (by Amazon) that you have to have an Amazon Retail account and that it has to be THE SAME account as your AWS one.

So a service that is a honeypot for criminals gives them the keys to your Web based business, and Amazon have zero interest in separating the two. That is nuts - sites are moving next week, can't take the risk.

People have been shouting about it on the Amazon forum for years, so I think that whilst there may be workarounds the fundamental principle must be correct. I can't risk playing about with workarounds for something as dumb as this.