As you know, sensitive information stored in the cloud is exposed to hackers and viruses, so your account needs to be secured. For increased security, AWS recommends that you configure AWS Multi-Factor Authentication (MFA) to help protect your AWS resources.
In brief, MFA = Password you know + Security Device you own
In this blog, we will discuss:
- Overview Of AWS MFA
- Why AWS MFA is required
- MFA Device Options in AWS
- Enabling MFA on Root Account
- Accessing AWS Console using MFA
- What if the MFA device does not work
Overview of AWS MFA
AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your username and password. With MFA enabled, when a user signs in to the AWS Management Console, they are prompted for their user name and password (the first factor: what they know), as well as for an authentication code from their AWS MFA device (the second factor: what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.
Why AWS MFA is Required
- Users who have access to your account can change configurations and delete resources in your AWS account, so an extra layer of protection is required.
- It protects your root account and IAM users.
- Even if the password is stolen or hacked, the account is not compromised.
- When you enable this authentication for the root user, it affects only the root user credentials. IAM users in the account are distinct identities with their own credentials, and each identity has its own MFA configuration.
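Because root and each IAM user carry their own MFA setting, it is worth checking every identity rather than only root. The following is an added example, not code from the original post: it reads an IAM credential report and lists the identities that can sign in to the console without MFA. The report text, user names and account ID are constructed sample data, and the function name is hypothetical.

```python
import csv
import io

# Constructed sample using column names from the IAM credential report
# (a real report has more columns; only three of them are read here).
# A real report can be fetched with `aws iam generate-credential-report`
# followed by `aws iam get-credential-report` (Content is base64-encoded CSV).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true
alice,arn:aws:iam::111122223333:user/alice,true,false
bob,arn:aws:iam::111122223333:user/bob,true,true
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false
"""

ROOT_USER = "<root_account>"  # name of the root row in the report
REQUIRED_COLUMNS = {"user", "password_enabled", "mfa_active"}


def identities_missing_mfa(report_csv):
    """Return identities that can sign in to the console but have no MFA."""
    reader = csv.DictReader(io.StringIO(report_csv))
    absent = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if absent:
        raise ValueError(f"credential report lacks columns: {sorted(absent)}")
    findings = []
    for row in reader:
        user = row["user"]
        password = (row["password_enabled"] or "").strip().lower()
        mfa = (row["mfa_active"] or "").strip().lower()
        # Root is always treated as console-capable, whatever the
        # password_enabled cell says; IAM users need a console password.
        can_sign_in = user == ROOT_USER or password == "true"
        if can_sign_in and mfa != "true":
            findings.append(user)
    return findings


if __name__ == "__main__":
    for name in identities_missing_mfa(SAMPLE_REPORT):
        print(f"MFA not active: {name}")
```

On the sample data this reports only alice: root and bob have MFA, and ci-deploy has no console password.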
MFA Device Options In AWS
The following are the MFA device options in AWS:
- Virtual MFA Device: Supports multiple tokens on a single device, e.g. Google Authenticator (phone only), Authy (multi-device)
- Universal 2nd Factor (U2F) Security Key: Supports multiple root and IAM users using a single security key, e.g. YubiKey by Yubico (third party)
- Hardware Key Fob MFA Device: Provided by Gemalto (Third Party)
- Hardware Key Fob MFA Device AWS GovCloud (US): Provided by SurePassID (Third Party)
Enabling MFA On Root Account
1) Log in to your AWS account.
2) On the right side of the navigation bar, choose your account name, and choose My Security Credentials.
3) Click on Assign MFA device.
4) Choose Virtual MFA Device and click on Continue.
5) Now install Google Authenticator on your phone (Android or iOS).
6) Now click on Show QR Code and open the Google Authenticator app on your phone.
Note: Take a screenshot of the code so that in the future, if you lose your phone, you can use it to re-enable MFA. The QR code contains the secret that generates your MFA codes, so keep the screenshot somewhere only you can reach (for example, encrypted or offline storage); anyone who obtains it can generate valid codes.
7) In the Google Authenticator app, click on Get started and scan the QR code.
8) Now enter two consecutive codes from your phone: the current code into MFA code 1, then the next code the app shows into MFA code 2.
9) After adding the MFA codes, click on Assign MFA.
10) You will get a success message; click on Close.
11) You will now see that the device has been added for MFA.
12) You have now successfully activated MFA on your root account.
Accessing AWS Console Using MFA
1) Open your AWS console login page, click on Root User, then enter your email.
2) Enter the password corresponding to the email address.
3) Open the Google Authenticator application on your mobile and enter the MFA code in the AWS Console.
So this was an overview of AWS MFA and how you can enable it.
What if the MFA device does not work?
If your virtual MFA device or hardware MFA device appears to be functioning properly, but you cannot use it to access your AWS resources, it might be out of synchronization with AWS. For information about synchronizing a virtual MFA device or hardware MFA device, see "Resynchronize your virtual and hardware MFA devices" in the AWS documentation.
If your AWS account root user multi-factor authentication (MFA) device is lost, damaged, or not working, you can recover access to your account. IAM users must contact an administrator to deactivate the device.
The post AWS Multi-Factor Authentication (MFA) appeared first on Cloud Training Program.