
Centralized root access for member accounts

Note: Support for this functionality will be available beginning 2 December 2024.

AWS supports centralized management of root user credentials for AWS Organizations. Stax enables this capability for all Stax-managed AWS Organizations.

For AWS accounts created before this functionality was introduced on 2 December 2024, you may use the IAM Root access management console to delete the root user credentials for that AWS account.

For AWS accounts created after this functionality was introduced on 2 December 2024, root user credentials are not provisioned, so no action is required.

Considerations

  • Stax does not delegate this responsibility to a member account; all root user actions for member accounts must be taken from the management account in the AWS organization.
  • Suitably crafted SCPs and IAM roles can block users from taking these actions in your AWS accounts. Stax does not override these SCPs or IAM roles when they are configured, so organizations wishing to restrict this behaviour should use one of these methods.
  • While not unique to Stax, it is important to understand that this functionality does not apply to the root user credential in the organization management account, which continues to have a root user credential.
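
As an illustration of the IAM-side restriction in the second consideration, the identity policy below is an added example, not Stax's or AWS's published configuration. It could be attached to a role in the management account so that the role can only start member-account root sessions scoped to the audit task. The `Sid` is hypothetical; the action `sts:AssumeRoot`, the condition key `sts:TaskPolicyArn` and the `IAMAuditRootUserCredentials` task policy are AWS identifiers that this page does not itself mention, so confirm them against current AWS documentation before use.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAuditOnlyRootSessions",
      "Effect": "Deny",
      "Action": "sts:AssumeRoot",
      "Resource": "*",
      "Condition": {
        "ArnNotEquals": {
          "sts:TaskPolicyArn": "arn:aws:iam::aws:policy/root-task/IAMAuditRootUserCredentials"
        }
      }
    }
  ]
}
```

An explicit Deny takes precedence over any Allow, so a role carrying this statement cannot start a root session for any task other than the audit, even if another policy grants `sts:AssumeRoot`.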