28

I recently enabled Amazon Web Services on my personal Amazon account, but I would like to have separate login credentials. I know that I can use IAM to create different users within AWS, but I'm still left with the same login credentials for my AWS root account and my personal Amazon account.

Attempting to change the password from within Web Services changes the password for my personal account too.

Obviously, one solution is to create an account with a different e-mail address, however, pages like this seem to indicate that this is unnecessary:

If you have a personal Amazon.com account, you might want to have a separate Amazon.com account just for your AWS activity. You could provide a new e-mail address not already in the Amazon.com system, or provide an e-mail address for an existing Amazon.com account you have but use a different password. You can have multiple Amazon.com accounts that use the same e-mail address, but different passwords.

If I try to sign up for Amazon Web Services with the same e-mail and a different password, I am told that an account already exists with that address. If I try to sign up for Amazon.com, I am told:

There is already an Amazon account with the e-mail example@example.com.

If you create a new account with the same e-mail, the existing account will be disabled.

So, my question is, how can I use the same e-mail address for my personal Amazon account and my Web Services root account, but with a different password? Is this perhaps not possible, and the information above is outdated?

Community
  • 1
Ellis
  • 481
  • 1
  • 5
  • 9
  • 5
    Why not ask Amazon how to do this? Wouldn't that be the most efficient and effective way of finding out and getting this resolved? – joeqwerty Mar 31 '14 at 11:04
  • You are probably right, for some reason I didn't even think of that! Is it not worth leaving this question open for now, however, in case I get a response from Amazon that could be useful to others? – Ellis Mar 31 '14 at 11:30
  • 1
    Sure. If you get a resolution from Amazon you can post it here as an answer to your question. That way you'll earn some reputation points and you'll enlighten us at the same time. – joeqwerty Mar 31 '14 at 11:32
  • I sense some sarcasm there. I don't particularly care about reputation points, I genuinely thought that other people might be interested. 1 person presumably is since they upvoted the question. – Ellis Mar 31 '14 at 11:35
  • 2
    No sarcasm from me. If you get an answer and and post it here you'll enlighten us and get some rep for yourself. What's sarcastic about that? – joeqwerty Mar 31 '14 at 11:37
  • Ah, sorry. Just your use of the word enlighten! Ignore me :) – Ellis Mar 31 '14 at 11:43
  • No worries...... – joeqwerty Mar 31 '14 at 11:44

2 Answers2

9

I've received confirmation from Amazon that this is no longer possible and that the page linked in my question is out-dated. I was advised to use Identity and Access Management (IAM) should I need to provide multiple users access to one AWS account.

Ellis
  • 481
  • 1
  • 5
  • 9
  • 8
    Fair enough, IAM users for multiple accounts **on AWS**. But do I really have to go shopping on Amazon with my AWS root credentials?? As you pointed out, changing the email address on one service also changes it on the other, so no way of having separate passwords. The only way seems to be to sign up and maintain a totally new account. Or did I miss something? – PiQuer Sep 15 '14 at 00:35
  • 2
    It seems that way. One possible thing to do is to enable multi-factor authentication for AWS, so your AWS account requires more information for login than your Amazon account, but I don't see much else that can be done. – Ellis Sep 15 '14 at 08:58
  • 2
    You can add MFA to your AWS root account and it works well. However, if you want to add MFA to your regular Amazon.com account at the same time, it can create a conflict especially if you're using Google Authenticator to generate your auth codes. Sometimes signing into Amazon.com will prompt you for your AWS auth code, and it's just very confusing. I talked with an AWS rep this morning and he confirmed it's a known issue. So, just be careful with it. – cliff.meyers May 13 '17 at 15:44
  • @cliff.meyers you're right, it does seem to be problematic. I've enabled MFA for both, and while I've never been unable to log in, there have been some times where it's been totally unclear which code I need to provide. – Ellis May 15 '17 at 09:43
4

Some (most? all?) email services support using + to append arbitrary suffixes to email addresses; for example, email to me+throwaway@example.com will be received by me@example.com.

I use Gmail, and just signed up for a new AWS account using this mechanism; Amazon distinguishes my.amazon.account@gmail.com and my.amazon.account+aws@gmail.com, so I was successfully able to separate it from my regular Amazon account. I then set up a Gmail filter to tag/categorize incoming mail based on the +aws bit.

zweiterlinde
  • 141
  • 2
  • 1
    But precisely how did you set up two separate email addresses? When I change AWS, the change is reflected in my Amazon personal account. – Dogweather Oct 07 '19 at 22:45
  • 1
    On the gmail side, it's a single address---on the Amazon side, I set up a completely separate (new) account with the `+` address. As you found, you can't just change the email address on the existing AWS account because that will affect your personal one too. – zweiterlinde Oct 11 '19 at 14:54