Comment by noahmasur
19 hours ago
You can always use plus-addressing if your email provider supports that. AWS considers plus-addressed root emails to be unique.
Doesn’t solve the SSO issue though unless you change your login email.
I don't really understand that problem, exactly. I'm not aware of any restrictions for using AWS Identity Center (SSO) with an email address that happens to be a root email for another AWS account.
I checked the documentation but I couldn't find anything to show this to be a problem other than that the practice is discouraged.
I create "job function" DLs. "Company-Region-IT Manager". Then give that DL its own SMTP address. Then use that.
It's really nice when you have to hire someone new for the position. You add them to the DL and they're automatically in control of all those accounts.
I have no idea why more companies don't do this.
Or you don't have employees using their personal email to open corporate accounts.
Still on Amazon to clearly tell people it is this way so they can properly plan for it, but employees' email addresses really shouldn't be used for the root account.
That’s not what’s being described here. What OP described is the much more common situation where employees use a personal phone for MFA. Sure, some places issue hardware dongles and disallow authenticator apps on your personal phone, but IME most places default to just having people use their phone.