
AWS account has distinct Security, Billing, and Operations contact details, different from each other and from the root contact

account_maintain_different_contact_details_to_security_billing_and_operations

Severity: medium
Service: account
by Prowler

AWS account alternate contacts are defined for Security, Billing, and Operations, each with a name, email address, and phone number. The check passes only when all three alternate contacts exist, are distinct from one another, and differ from the primary (root) contact.

Risk

Missing or shared contacts can delay the response to abuse reports, credential-compromise notifications, or billing anomalies. That delay reduces availability (AWS may throttle traffic from an account it cannot reach) and, by extending the exposure window, raises confidentiality and integrity risk. If AWS cannot reach you, it may take urgent mitigating action that disrupts your service.

Run this check with Prowler CLI

prowler aws --checks account_maintain_different_contact_details_to_security_billing_and_operations

Recommendation

Maintain distinct, monitored Security, Billing, and Operations alternate contacts that differ from the root contact.

  • Use team aliases and 24x7 phones
  • Review and test contact paths regularly
  • Centralize at org level for consistency

This applies operational resilience and separation of duties: each function has its own reachable owner, so one unmonitored mailbox cannot silently swallow security, billing, and operational notices at once.

Remediation

Other (AWS Management Console)
  1. Sign in to the AWS Management Console as a principal that can edit account contacts (the root user, or an IAM principal allowed the account:PutAlternateContact action)
  2. In the upper right, click your account name > Account
  3. Scroll to "Alternate contacts" and click Edit
  4. Add all three contacts with unique details:
    • Billing contact (distinct name, email, phone)
    • Operations contact (distinct name, email, phone)
    • Security contact (distinct name, email, phone)
  5. Ensure each contact’s email/phone differs from each other and from the primary (root) contact, then click Update
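The same evaluation the finding describes above, plus the remediation the console steps perform, as an added example written for this page (it is not Prowler's check implementation). evaluate_contacts() runs offline on dicts shaped like the AWS Account API responses (GetAlternateContact, GetContactInformation); fetch_contacts() and put_alternate_contacts() call the real API through boto3 and need credentials, so boto3 is imported lazily inside them. One assumption is labelled in the code: GetContactInformation does not return the root email address, so an optional "EmailAddress" key on the primary dict is accepted for the comparison. The sample contacts are constructed, not taken from a real account.

```python
"""Added example (not Prowler's code): evaluate the finding's logic offline and
remediate with the AWS Account API via boto3."""
from typing import Dict, List, Optional

ALTERNATE_TYPES = ("SECURITY", "BILLING", "OPERATIONS")


def _digits(phone: str) -> str:
    # Keep only digits so "+1 555-0100" and "15550100" compare equal.
    return "".join(ch for ch in phone if ch.isdigit())


def _normalize(contact: Optional[dict]) -> Optional[dict]:
    """Map an AlternateContact dict (API field names) to comparable lower-case
    name/email/phone values; None when the contact is not set."""
    if not contact:
        return None
    return {
        "name": contact.get("Name", "").strip().lower(),
        "email": contact.get("EmailAddress", "").strip().lower(),
        "phone": _digits(contact.get("PhoneNumber", "")),
    }


def evaluate_contacts(alternate: Dict[str, Optional[dict]], primary: dict) -> dict:
    """Return {"status": "PASS"|"FAIL", "reasons": [...]}.

    `alternate` maps each type to the AlternateContact dict from
    account:GetAlternateContact, or None if the API raised
    ResourceNotFoundException. `primary` is the ContactInformation dict from
    account:GetContactInformation (FullName, PhoneNumber). That API returns no
    email, so an optional "EmailAddress" key may be supplied separately
    (assumption made here for the root comparison).
    """
    reasons: List[str] = []
    norm = {t: _normalize(alternate.get(t)) for t in ALTERNATE_TYPES}
    for t, c in norm.items():
        if c is None:
            reasons.append(f"{t} contact is not set")
        elif not (c["name"] and c["email"] and c["phone"]):
            reasons.append(f"{t} contact is missing name, email or phone")
    present = [(t, c) for t, c in norm.items() if c]
    # Alternate contacts must not share any field with each other...
    for i, (ta, a) in enumerate(present):
        for tb, b in present[i + 1:]:
            shared = [f for f in ("name", "email", "phone") if a[f] and a[f] == b[f]]
            if shared:
                reasons.append(f"{ta} and {tb} share {', '.join(shared)}")
    # ...nor with the primary (root) contact.
    root = _normalize({"Name": primary.get("FullName", ""),
                       "EmailAddress": primary.get("EmailAddress", ""),
                       "PhoneNumber": primary.get("PhoneNumber", "")})
    for t, c in present:
        shared = [f for f in ("name", "email", "phone") if c[f] and c[f] == root[f]]
        if shared:
            reasons.append(f"{t} shares {', '.join(shared)} with the primary contact")
    return {"status": "FAIL" if reasons else "PASS", "reasons": reasons}


def fetch_contacts(account_id: Optional[str] = None):
    """Read live contacts with boto3 (needs credentials; boto3 is imported lazily
    so evaluate_contacts() works without it). account_id is only valid when
    calling from the Organizations management or delegated-admin account."""
    import boto3
    client = boto3.client("account")
    extra = {"AccountId": account_id} if account_id else {}
    alternate = {}
    for t in ALTERNATE_TYPES:
        try:
            alternate[t] = client.get_alternate_contact(AlternateContactType=t, **extra)["AlternateContact"]
        except client.exceptions.ResourceNotFoundException:
            alternate[t] = None  # contact never set
    return alternate, client.get_contact_information(**extra)["ContactInformation"]


def put_alternate_contacts(contacts: Dict[str, dict], account_id: Optional[str] = None) -> None:
    """Remediate: set all three contacts via account:PutAlternateContact
    (Title is a required API field). Same credentials note as fetch_contacts()."""
    import boto3
    client = boto3.client("account")
    extra = {"AccountId": account_id} if account_id else {}
    for t in ALTERNATE_TYPES:
        c = contacts[t]
        client.put_alternate_contact(AlternateContactType=t, Name=c["Name"], Title=c["Title"],
                                     EmailAddress=c["EmailAddress"], PhoneNumber=c["PhoneNumber"], **extra)


# Constructed sample data (not from a real account): SECURITY and BILLING share
# a mailbox (differing only in case) and OPERATIONS is unset, so the check fails.
SAMPLE_PRIMARY = {"FullName": "Root Owner", "PhoneNumber": "+1 555 010 0000"}
SAMPLE_ALTERNATE = {
    "SECURITY": {"Name": "SecOps", "Title": "Security", "EmailAddress": "aws-ops@example.com", "PhoneNumber": "+1 555 010 0001"},
    "BILLING": {"Name": "Finance", "Title": "Billing", "EmailAddress": "AWS-Ops@example.com", "PhoneNumber": "+1 555 010 0002"},
    "OPERATIONS": None,
}

if __name__ == "__main__":
    for reason in evaluate_contacts(SAMPLE_ALTERNATE, SAMPLE_PRIMARY)["reasons"]:
        print("FAIL:", reason)
```

Run it as-is to see the two failure reasons for the constructed sample; to audit a real account, call evaluate_contacts(*fetch_contacts()) with credentials allowed account:GetAlternateContact and account:GetContactInformation, and pass an explicit account_id only from the management or delegated-admin account. Normalising case and phone punctuation matters: a "distinct" billing address that is the security mailbox in different case would otherwise pass a naive string comparison.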


Resource Type

Other
