The procedure for logging into the account when AWS Root MFA is lost is as follows.
Email verification
Phone verification (enter the 6-digit number displayed on the webpage when receiving the call)
Success
Login
However, if verification fails with the above method, the following procedure applies.
Request AWS Support through the Support Portal
Phone verification
Submit notarized documents (fill out the form provided by AWS, visit a notary office for notarization, and submit to AWS)
AWS Review
Login
Therefore, the following methods are recommended to prevent Root loss.
Use a company/team shared email address for the Root account email instead of a personal account, so that recipients can be managed internally (for multiple recipients or when the Root user is absent such as resignation)
Set the contact number to one accessible by team members or account managers rather than a personal phone number (such as office phone)
If unavoidable, continuously update email/contact information when changing the AWS Root account administrator
When setting AWS Root MFA, manage double backups of the key value and QR code capture files