Keep your security contact details up to date

Allow AWS Security teams to contact you if we detect a security issue in your infrastructure

Ensure that the security contacts are up to date and that the mail address is monitored regularly, so that we can alert you about abuse or potential security incidents that AWS detects in your infrastructure.

If AWS detects that an access key has been unintentionally disclosed on the web (such as in a public code repository), we will notify you using the Security contacts.

Security Contacts

Consider the “Forgot My Password” process

Ensure that the mail server you use is securely configured, because the mail address can be used to reset the root password using the “Forgot my password” process.

Restrict access to the configured phone: with access to both the mail address and the phone, MFA can be bypassed through the “Sign In Using Alternative Factors of Authentication” process. Learn more on this subject here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_lost-or-broken.html

Updating Contacts in AWS Organizations

The security contacts can now be updated through AWS Organizations (Announcement), and you can also programmatically manage alternate contacts on member accounts with AWS Organizations.
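
One way to check and set the security contact across an organization with boto3, as an added example that is not code from AWS or from this page. It reports every active account whose SECURITY alternate contact is missing or does not point at the expected mailbox, and writes the contact when `apply=True`. Assumptions: the function name and the placeholder contact values are made up for illustration, the caller runs in the organization's management account, and trusted access for AWS Account Management is enabled.

```python
"""Audit (and optionally set) the SECURITY alternate contact for every active
account in an AWS Organization. Added example; contact values are placeholders."""

# Constructed placeholder contact: replace with your monitored security mailbox.
CONTACT = {
    "EmailAddress": "security@example.com",
    "Name": "Security Team",
    "PhoneNumber": "+15555550100",
    "Title": "Security On-Call",
}


def sync_security_contacts(org, account, contact=CONTACT, apply=False):
    """Return {account_id: finding}; with apply=True also write `contact`."""
    # The management account must be addressed WITHOUT AccountId: the Account
    # API rejects a management account that passes its own ID.
    mgmt_id = org.describe_organization()["Organization"]["MasterAccountId"]
    findings = {}
    for page in org.get_paginator("list_accounts").paginate():
        for acct in page["Accounts"]:
            if acct["Status"] != "ACTIVE":
                continue  # suspended or closing accounts are skipped
            target = {"AlternateContactType": "SECURITY"}
            if acct["Id"] != mgmt_id:
                target["AccountId"] = acct["Id"]
            try:
                current = account.get_alternate_contact(**target)["AlternateContact"]
                email = current["EmailAddress"]
                if email.lower() == contact["EmailAddress"].lower():
                    continue  # already points at the monitored mailbox
                findings[acct["Id"]] = "unexpected: " + email
            except account.exceptions.ResourceNotFoundException:
                findings[acct["Id"]] = "missing"
            if apply:
                account.put_alternate_contact(**target, **contact)
    return findings


if __name__ == "__main__":
    import boto3  # assumption: credentials for the organization's management account

    report = sync_security_contacts(boto3.client("organizations"), boto3.client("account"))
    for account_id, finding in sorted(report.items()):
        print(account_id, finding)
```

Run it first with the default `apply=False` and review the report before letting it overwrite any existing contact.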