Ask HN: AWS account expires in 2 weeks. Can't login, but they keep asking me to

59 points by NicoJuicy ↗ HN
My small AWS account which I use to handle emails from web applications and sites is not allowing me to log in anymore. ( i need to pay a small bill since that VISA is expired, which requires login)

I know my credentials and i can access my email. OTP is always successfull ( One Time Password).

I have my phone with me, but no notifications coming in ( I have never enabled MFA on this account, and i'm not receiving any SMS)

Every customer support issue directs me to urls where I need to login, but I can't.

Is there a way to let them call me and verifying my account without doing that verification step? Because that's literally the issue.

Or any other advice? ( It's a small account, but it will give me a lot of hassle and errors if i have to reconfigure every website/webapp and approve every email again. Setting me back for > 2-3 days)

Edit:

Thank you all!

I changed the default SMS app ( the default was the normal one for Android) and it showed me a lot of missed messages, including OTP ones from Amazon.

39 comments

[ 0.28 ms ] story [ 391 ms ] thread
Are you using signal as your main messaging app? If so restart your phone - i could not see sms due to their current issues somehow. Restarting fixed it.
No, using the default on android.

I'm just not sure if it's about a sms.

I haven't enabled MFA in the past, so there's no authenticator app running with Amazon.

Have you filled out this form? It’s not as good as a phone number, but they should be able to sort it out.

https://support.aws.amazon.com/#/contacts/aws-account-suppor...

Yes, that's the one I used to submit a ticket.

I only received follow up answers with urls where i needed to sign in. Which is really weird, because I can't.

They mentioned that those urls can be used with blocked accounts, but my account isn't blocked. I submitted screenshots with where the process goes wrong, but it seems that they are ignoring that crutial part :).

I always receive the message to confirm a notification on my phone during logging in, but there isn't one coming and I know they have my correct number and it hasn't changed in years.

Are you on a VPN? Have. You tried other networks/machines? Amazon blocks my login when I am on VPN
No, it's my home address and ISP where I have been living for 3 years ( Belgium).

Also, that's not the problem. The problem is a "notification" that isn't coming during the login process.

I can enter my password.

Then I need to enter my OTP through mail.

Then a notification on my phone number ( I'm not receiving this one)

Maybe not specific to your issue, but it took me a frustratingly long time and several password resets to realize that I had setup my AWS and Amazon Store account to each use TOTP 2FA, and they used two different codes. I occasionally need to use both in sequence to sign in.
I don't have 2FA activated. I literally don't receive a notification and the phone is fine.

I'm 100% sure the email is correct (they emailed me there that my VISA is expired)

> I occasionally need to use both in sequence to sign in.

Goodness...Elaborate?

I have someone in the company having a similar problem with Amazon VC. I can log in from their computer, but when they use their credentials they just never receive mfa codes
Any chance you’re using a VOIP service for your phone number? If AWS is sending their verification codes on a short code, they often don’t deliver unless you’re using an actual mobile carrier. This has been an issue for me on other services.
No, it's my own number since i was 16 ( x 2 now :p)
Possible that your provider has blocked SMS from Amazon? We (not Amazon...I don't work there) also see users of our service who have sent "STOP" to our SMS number occasionally and then complain we never send them 2FA codes. If you can see the number those SMS used to come from you can try sending a "START" to it, or check to see if they have been blocked from sending to you.
I have never had any issues with my provider. It's the biggest provider in Belgium and Belgium is not known to censor text messages.

So I think this possibility is really low. I'm pretty sure it's on Amazon's end, other verification messages always worked fine.

Doing an additional test though ( sending works fine, testing receiving now)

Thank you! This led me to the path of changing my default messaging app.

The default one of my mobile OS didn't seem to show all the messages!

hey NicoJuicy, there's a [dead] account called throw_nico commenting on everything. Is that also yours? Can you comment from your NicoJuicy account?
Try to unblock all phone numbers and resend the OTP.

I once couldn’t receive an OTP from mobile operator unless I unblocked some spam sender (they had alphanumeric caller ID). I guess they use same service/number for sending SMS?

What does this mean "I changed the default app"

What app? An amazon app? An SMS app? What was it changed from/to?

I've seen this happen with provider- or phone- default messaging apps on Android. Yet another reason to go with (at least) an unlocked phone.
I have a similar kafkaesque story from AWS.

Some time back I closed my Amazon account without deleting my AWS services first.

The result was that the services kept running and I kept being charged.

When I talked to AWS they said I should login and stop them. But since it's a single-sign-on, I had to talk to Amazon staff, who were insisting that once you delete an account you cannot restore it, so there was no way for me to login to stop the services.

No matter how much I tried to make AWS understand that it doesn’t make sense for my services to still be up when I deleted my account, they wouldn’t have it. I don’t think I have dealt with such arrogant, bad customer support before.

I had the exact same thing happen to me, AWS did delete half of the charges, but still left me with 700$ on the account. So obviously, now AWS isn't my first go-to place to do business.
I am pretty sure that they would lose in a small claims court, but probably most people who faced that can't bother
Do you have any recommendations for who's better? Isn't Google's customer service supposed to be pretty bad too?
I did gcp tutorial that left some resources running for a month. I eventually got charged around £300, I was able to talk to a human being and they sorted it out and refunded me. So they're still in my good books.
If you have S3 bucket logging turned on, the cost will continue to grow forever, because it's literally generating its own transaction charges and then snowballing the storage. It's like an evil genius's perpetual motion machine. You'd think they'd know how to delete all of those things when the account is closed, since they certainly know how to bill for them.
I once closed or deleted our s3 account (was a very long time ago). I recreated or reactivated the account and my files were still there and i got instantly charged all thr fees backwards to the day i closed the account.

They reimbursed though the charge.

While not directly related to the issue, I had a question (and semi-rant) in my mind for a very long time:

Haven't this scale of federation of services, "move fast and break things" approach, first to market races and rise of ready to use components and related machinery (containers, k8s, AWS, et al.) abused some well defined norms about technology and as a result aren't we in a somewhat broken state?

In the older days, we'd never have this kind of thing overlooked. You just weren't able to. Now things are much more complicated and this complicated services are assembled in a haphazard way to form big applications and platforms (e.g. too lazy to bind a folder with proper config to enable SSL, so put an NGINX https bridge container in front of it). As a result, the edge cases are not as edge anymore and breaking the configuration of a webapp is much easier.

Similarly this onion structure of abstraction over abstraction makes debugging and mending things much harder. To fix a one-off bug in a DB operation, you need to go to relevant container inside the pod, find its DB location, access if you can and update the table. That table maybe anywhere on this planet. This is impossible for a support engineer in most cases since we have convoluted SSO configurations which makes this kind of access impossible and the original developers couldn't care less in many cases.

I'll sound old, but even the new capabilities are fascinating, we have gone backwards in a lot of things, software quality and robustness related IMHO.

Couldn’t agree more with this sentiment and will also add that it happens on other aspects of life such as services.

The other day I called a benefits company that was supposed to send me a card but didn’t.

When I called they said there was an issue with their system which they would request to be fixed and that I should call in a couple of days to talk about the original request.

That happened after almost 2 hours waiting on the phone to be able to get to someone.

Before we didn’t have all these cool services but companies would do their whole jobs and get back to you when something goes wrong. Now, due to all these complexity and workers not keeping up with it things go way worse for the customer when something breaks.

these conditions seem like an exploit in the rough
This anecdote really drives homes the fact iMessage sells phones for Apple. The default SMS app not displaying messages is absolutely unacceptable.

And I would never trust a third party sms app.

What makes me go crazy right now is that I can't access my AWS account because the OTP will no longer work. I tried resyncing but to no avail.

I am at a loss as to how this could've happened. I used Google Authenticator and simply didn't log in for a few months.

I have a similar issue - my phone broke and I lost access to OTP. I don't have anything on AWS except S3 bucket which costs $0.5/month. My credit card expired so they aren't charging me, just sending "urgent action required" emails. I contacted AWS support to either regain access to the account or pay what I owe and close it but they asked for:

1) A completed, signed, and notarized Identity Verification Form and Affidavit, which can be downloaded online at the following link (the link didn't work)

2) A photocopy of the AWS account owner’s primary proof of identification, such as a State driver’s license or passport.

3) A photocopy of the AWS account owner’s proof of address matching the address on file.

So I'm waiting, maybe they'll give up.

The OTP messages through SMS were marked as Spam on Android.

While changing to the Samsung SMS app ( which doesn't have a spam detection), the messages were shown.

By now, I have changed the app back and marked the messages as not Spam ( didn't even knew there was spam detection in my SMS app)

I have replied to AWS support what the exact issue was.

I also have a 'fun' story - got locked out of my old account (old phone no. 2FA). I owe them $1.61 so they keep pinging me. I've offered to pay using my new account or that they can just send me a link / bank account no. whatever so I can pay. No can do. I have to log in for that. My only option is a notarized document sent to them. Well I don't want to pay that dollar THAT hard... :/