My customer has decided to change company name, domain name and pretty much everything. Customer in question is using AWS Control Tower for consolidated billing, SSO and ease of management. What needed to be done:

• change tax(VAT) settings and payment method
• change name of Organization
• change email of Organization
• update email addresses in all AWS accounts
• update Contact Information(company name, address and website) in all AWS accounts
• replace domain name in SSO logins

Change of tax(VAT) settings and payment method is a no-brainer. Login into Root account which was used to setup AWS Control Tower and you will find both in Billing console. Thanks to consolidated billing and Enable Tax Settings Inheritance tax settings will be updated in all AWS accounts(which is great). On the other hand, payment method is set only in Root account.

Name and email of Organization propagate from Root account. Therefore, all you have to do is to change Account Name and email address in the Root account. Both can be found in Account Settings.

At fist, I was in denial that email of AWS account can be changed. However, as it turned out it's possible to change it through billing console and my information was either old or incorrect. Sadly, you have to log into each and every AWS account. Directly, not trough SSO. You can change Contact Information through SSO, but not email address. I haven't found any API or any other way. If there is one, I'd love to hear about it!

This presents problem for user's AWS accounts unless you the password, which you don't. You cannot get password reset link either, unless you have access to user's mailbox in question. I guess one way to work around this problem is to set AWS account email address to something you control and SSO user email to (the real) user's email.

It's possible to update Contact Information(company name, address and website) either through SSO or by logging directly into AWS account.

replace domain name in SSO logins

— Zdenek Styblik 2021/03/24 09:00