Create Multi-Factor Authentication (MFA) for your AWS accounts

#beginners #tutorials #security #aws

Add an extra layer of protection

In this blog of the security series, I discussed how my AWS Root User account was hacked with an unauthorized user and remediation steps included implementing AWS for the Root account.

In the previous blog steps were outlined to create a multi-region trail to monitor and report on user and API activity with AWS CloudTrail.

In this post, we will implement Multi-Factor Authentication (MFA) on the AWS IAM User account to add an extra layer of protection to your user name and password with an auto generated code using a virtual MFA application.

Tutorial: Create MFA on your Admin IAM user account

Step 1: Sign in to the AWS Management Console.

Step 2: Login with your AWS IAM User credentials.

Step 3: In the AWS Management Console navigate to the search bar and type 'IAM'.

Step 4: On the AWS IAM dashboard you will see a best practice recommendation to implement MFA.

Step 5: Click Add MFA and then select Assign MFA device

Step 6: Click Virtual MFA device.

Read more information from this link to understand which type of MFA is suitable for your circumstance.

Step 7: For Virtual MFA Application, download 'Twilio Authy' for
your iPhone or Android mobile device.

Step 8: Open the Twilio app and use the camera to scan the QR code on your computer screen.

Enter two 6-digit codes provided by the Twilio app in the section provided.

Step 9: You will receive a message from the pop-up window that MFA was successfully created.

You may repeat all of the above steps 1-9 for any additional AWS accounts e.g. Root Account used for emails.

Step 10: Double check that MFA is implemented on your AWS IAM User account, login to the AWS Management Console with your user name, followed by your password. And Presto! You will receive an additional layer of security with a MFA prompt as shown below.