Adding Multi-Factor Authentication (MFA) to your AWS account enhances security by requiring a second form of authentication in addition to your password.
Here’s how to set it up:
Step 1: Sign In to the AWS Management Console
1. Log in to the AWS Management Console (https://aws.amazon.com/console/) using your root or IAM user credentials.
Step 2: Access the Security Credentials Page
1. For Root User:
Click on your account name or email address at the top-right corner.
Select “Security credentials”.
2. For IAM User:
Click on your account name at the top-right corner.
Select “My Security Credentials”.
Step 3: Navigate to the MFA Section
1. Scroll to the “Multi-Factor Authentication (MFA)” section.
2. Click “Assign MFA device”.
Step 4: Choose an MFA Device Type
AWS supports the following MFA devices:
1. Virtual MFA Device (recommended): Use an app like Google Authenticator or Authy.
2. Hardware MFA Device: A physical device like a key fob.
3. U2F Security Key: USB devices like YubiKey.
Choose Virtual MFA Device if using a smartphone app.
Step 5: Configure the MFA Device
1. Virtual MFA Device Setup:
Open your MFA app (e.g., Google Authenticator, Authy).
Scan the QR code displayed in the AWS console, or enter the secret key manually.
2. Hardware/U2F Key Setup:
Follow the specific instructions for your hardware device.
Step 6: Verify the MFA Device
1. After scanning the QR code, the MFA app will generate a one-time code.
2. Enter two consecutive codes from the app into the AWS console.
3. Click “Assign MFA”.
Step 7: Test the MFA Configuration
1. Sign out of the AWS Management Console.
2. Sign back in and enter your password.
3. When prompted, enter the one-time code from your MFA device.
Additional Recommendations:
Enable MFA on all accounts: Apply MFA to both the root account and IAM users with critical permissions.
Backup MFA Codes: Store recovery codes or back up the MFA secret key in a secure location in case your device is lost.
Your AWS account is now secured with MFA!