What is MFA?

awsMFA allows you to provide multiple methods for authentication, which dramatically improves the security of your AWS account. This article describes how to apply this to your AWS user accounts.


Mobile phone app

To complete the MFA paradigm of something you know (password) and something you have (mobile phone), you can install a Google Authenticator app on your mobile phone. Various apps are available for Android and iPhone, I found the free TOTP Authenticator app works well for me on an iPhone.

 

AWS Console

Start by logging on to the AWS Console with your Root account.

  1. Click your account name (top-right) > My Security Credentials.
  2. Expand the Multi-factor Authentication section.
  3. Click the Activate MFA button.
  4. Select Virtual MFA device and click Continue.
  5. Click Show QR code.
    1. Using your phone app, add using the QR code.
  6. Enter two MFA codes from your app, in a row.
  7. Click the Assign MFA button.

Now that you've secured your root account using MFA, you should immediately create Identity Access and Management (IAM) users, groups and roles, to be used for day-to-day activity. Your root account should only be used for billing and emergency purposes.

 

Thanks for visiting.