AWS Tutorial
    About Lesson

    Adding Multi-Factor Authentication (MFA) to your AWS account enhances security by requiring a second form of authentication in addition to your password.

    Here’s how to set it up:

     

    Step 1: Sign In to the AWS Management Console

    1. Log in to the AWS Management https://aws.amazon.com/console/ using your root or IAM user credentials.

     

    Step 2: Access the Security Credentials Page

    1. For Root User:

    Click on your account name or email address at the top-right corner.

    Select “Security credentials”.

    2. For IAM User:

    Click on your account name at the top-right corner.

    Select “My Security Credentials”.

     

    Step 3: Navigate to the MFA Section

    1. Scroll to the “Multi-Factor Authentication (MFA)” section.

    2. Click “Assign MFA device”.

     

    Step 4: Choose an MFA Device Type

    AWS supports the following MFA devices:

    1. Virtual MFA Device (recommended): Use an app like Google Authenticator or Authy.

    2. Hardware MFA Device: A physical device like a key fob.

    3. U2F Security Key: USB devices like YubiKey.

    Choose Virtual MFA Device if using a smartphone app.

     

    Step 5: Configure the MFA Device

    1. Virtual MFA Device Setup:

    Open your MFA app (e.g., Google Authenticator, Authy).

    Scan the QR code displayed in the AWS console, or enter the secret key manually.

    2. Hardware/U2F Key Setup:

    Follow the specific instructions for your hardware device.

     

    Step 6: Verify the MFA Device

    1. After scanning the QR code, the MFA app will generate a one-time code.

    2. Enter two consecutive codes the app displays into the AWS console.

    3. Click “Assign MFA”.

     

    Step 7: Test the MFA Configuration

    1. Sign out of the AWS Management Console.

    2. Sign back in and enter your password.

    3. When prompted, enter the one-time code from your MFA device.

     

    Additional Recommendations:

    Enable MFA on all accounts: Apply MFA to both the root account and IAM users with critical permissions.

    Backup MFA Codes: Store recovery codes or backup the MFA secret key in a secure location in case your device is lost.

    Your AWS account is now secured with MFA!