In addition to a password that is required for users to authenticate to AWS, it is recommended to implement MFA to add a second layer of authentication. This is best practice for your AWS root account and any other user accounts that have elevated privileges.
By using MFA, you are required to enter a randomly generated 6-digit number once you have entered your password when using the Management Console. This 6-digit number changes very frequently, making it difficult to compromise. It is very easy to set up MFA for a user so let me run through it:
- From within the IAM dashboard of the AWS Management Console, select Users and then the user requiring MFA.
- Click on the Security Credentials tab and you will notice under Sign-in Credentials that it states Not assigned for your MFA device:
- Click on Manage. Here, you can then select your chosen device for using MFA. I will use Google Authenticator, which is a simple app I have on...