In this article, I walk you through how to enable MFA on your AWS root account. By adding another layer of security on top of your traditional username and password, we are able to help protect your AWS root account from hackers. If a hacker gets hold of your account credentials and is able to gain access to your AWS account, they can accumulate enormous fees by running huge amounts of resources. Therefore Multifactor Authentication is crucial.
We are going to use Google Authenticator in this demonstration:
How To Enable MFA On Your AWS Root Account
To enable MFA on your AWS root account we must first browse to a service called IAM (Identity and Access Management). You can do this by typing in IAM in the search services field.
Note: The IAM service is Global and is not tied to a specific region.
When you are in the IAM service you will want to click on ‘Activate MFA on your root account’, under Security Status.
Once the section, ‘Activate MFA on your root account’ has expanded, click on Manage MFA
Click on ‘Continue to Security Credentials’
Expand ‘Multi-factor authentication (MFA) and click on Activate MFA.
In this demonstration, we are going to use Google Authenticator to provide one-time passwords. Make sure ‘Virtual MFA’ device is selected and click on Continue.
Launch Google Authenticator from your phone and within the app click on the + symbol at the top right-hand side to add a new account. Select Scan barcode.
As you can see in the screenshot below, click on ‘Show QR code’ and point your phone camera to the QR code. This will add the account into Google Authenticator. You will start to see 6 digit codes appear and change every 30 seconds.
Enter 2 consecutive codes into ‘MFA code 1’ and ‘MFA code 2’ fields and click on Assign MFA.
Your Multifactor authentication on your root aws account is now complete and ready to use.
The next time you log into your AWS console, you will be prompted to enter an MFA code.
Go back into your Google Authenticator App on your phone, and type in the 6 digits that appear.