In this article, I walk you through how to enable MFA on your AWS root account. By adding another layer of security on top of your traditional username and password, we are able to help protect your AWS root account from hackers. If a hacker gets hold of your account credentials and is able to gain access to your AWS account, they can accumulate enormous fees by running huge amounts of resources. Therefore Multifactor Authentication is crucial.

We are going to use Google Authenticator in this demonstration:

How To Enable MFA On Your AWS Root Account

To enable MFA on your AWS root account we must first browse to a service called IAM (Identity and Access Management). You can do this by typing in IAM in the search services field.

Note: The IAM service is Global and is not tied to a specific region.

Enable MFA on AWS Root Account

When you are in the IAM service you will want to click on ‘Activate MFA on your root account’, under Security Status.

Enable MFA on AWS Root Account

Once the section, ‘Activate MFA on your root account’ has expanded, click on Manage MFA

Enable MFA on AWS Root Account

Click on ‘Continue to Security Credentials’

Enable MFA on AWS Root Account

Expand ‘Multi-factor authentication (MFA) and click on Activate MFA.

Enable MFA on AWS Root Account

In this demonstration, we are going to use Google Authenticator to provide one-time passwords. Make sure ‘Virtual MFA’ device is selected and click on Continue.

Enable MFA on AWS Root Account

Launch Google Authenticator from your phone and within the app click on the + symbol at the top right-hand side to add a new account. Select Scan barcode.

As you can see in the screenshot below, click on ‘Show QR code’ and point your phone camera to the QR code. This will add the account into Google Authenticator. You will start to see 6 digit codes appear and change every 30 seconds.

Enter 2 consecutive codes into ‘MFA code 1’ and ‘MFA code 2’ fields and click on Assign MFA.

Enable MFA on AWS Root Account

Your Multifactor authentication on your root aws account is now complete and ready to use.

Enable MFA on AWS Root Account

The next time you log into your AWS console, you will be prompted to enter an MFA code.

Go back into your Google Authenticator App on your phone, and type in the 6 digits that appear.

Enable MFA on AWS Root Account

2 Comments

Leave a Reply

Your email address will not be published.


*


*

This site uses Akismet to reduce spam. Learn how your comment data is processed.