Register a valid security contact in the AWS account settings
Why this matters
AWS uses the security contact information in your account settings to notify your organization about security incidents, vulnerabilities, or misuse alerts. If no contact is provided—or if it's outdated—your security team may miss urgent messages from AWS. This can delay incident response or even lead to automated throttling of services.
What this check does
This check verifies whether your AWS account has a security contact registered in the Alternate Contacts section of the account settings. It checks that the required fields (email, phone number, and name) are filled out.
If the security contact is not configured, the check will fail.
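The check described above, sketched with the boto3 `account` client. This is an added example, not the scanner's own code; the function names and the sample response are constructed for illustration. The API reports a missing contact as `ResourceNotFoundException`.

```python
"""Added example: evaluate the SECURITY alternate contact of an AWS account."""

# Fields this page's check expects to be filled out.
REQUIRED_FIELDS = ("Name", "EmailAddress", "PhoneNumber")

# Constructed sample of a GetAlternateContact response (not real account data).
SAMPLE_RESPONSE = {
    "AlternateContact": {
        "AlternateContactType": "SECURITY",
        "Name": "Security Team",
        "EmailAddress": "security@yourdomain.com",
        "PhoneNumber": "+491234567890",
        "Title": "Security Team",
    }
}


def evaluate_security_contact(contact):
    """Return (passed, missing_fields); contact is None when nothing is registered."""
    if contact is None:
        return False, list(REQUIRED_FIELDS)
    # Treat absent, empty and whitespace-only values as missing.
    missing = [f for f in REQUIRED_FIELDS if not str(contact.get(f) or "").strip()]
    return not missing, missing


def fetch_security_contact(client):
    """Read the SECURITY alternate contact; return None if none is registered."""
    try:
        resp = client.get_alternate_contact(AlternateContactType="SECURITY")
    except client.exceptions.ResourceNotFoundException:
        return None
    return resp.get("AlternateContact")


def check_account(client):
    """Run the check against one account and return a small result record."""
    passed, missing = evaluate_security_contact(fetch_security_contact(client))
    return {"status": "PASS" if passed else "FAIL", "missing": missing}


if __name__ == "__main__":
    import boto3  # credentials need the account:GetAlternateContact permission

    print(check_account(boto3.client("account")))
```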
How to fix it
From the AWS Console
Sign in to the AWS Console
Click your account name in the top-right corner and select My Account
Scroll down to the Alternate Contacts section
Click Edit next to the Security Contact
Provide the following:
Name (person or team)
Email address (ideally a monitored alias, e.g., security@yourdomain.com)
Phone number (optional, but recommended)
Click Update to save changes
From the AWS CLI
aws account put-alternate-contact \
--alternate-contact-type SECURITY \
--email-address security@yourdomain.com \
--name "Security Team" \
--title "Security Team" \
--phone-number "+491234567890"
We recommend using distribution lists or shared mailboxes so alerts don’t rely on one individual being available.
Exceptions
There are no accepted exceptions to this requirement. Every AWS account should have a valid security contact, regardless of whether it’s used for production or testing.
Best Practices
Use email aliases like security@yourdomain.com
Review contact data quarterly
Routinely test that your security alias forwards to the right people