AWS – How to Secure Root/Master Account using MFA?

AWS provides many options to protect an AWS account, but they are not active by default; you need to activate them deliberately to secure the account. The AWS master account, or root account, manages multiple AWS accounts using AWS Organizations. In other words, the master account has full access to the other AWS accounts in the organization. The two main credential types in AWS are passwords and access keys. These credentials must not be embedded in code or Git repositories. This article walks you through how to enable MFA on the root AWS account.

To check your account's security status:

1. Log in to the AWS Management Console (https://console.aws.amazon.com/) with root credentials and open the IAM (Identity and Access Management) service.

2. Remove root user access keys. Instead, use access keys attached to an IAM user to improve security.

Securing Root account using MFA

3. Make sure that MFA is activated on your root account. Click Add MFA, then Activate MFA.

4. Select Virtual MFA device.

5. Here is the list of virtual authenticators.

6. Once you have installed the virtual authenticator on your mobile device, continue the wizard. Scan the QR code and enter two consecutive MFA codes in the given boxes. Click Assign MFA to activate MFA on your AWS account.
Note: Store the QR code in a secure vault.

7. Once MFA is successfully assigned, you will see the success message.

8. Apply an IAM password policy; this will be used to secure access for the development teams. If you are planning to set up AD federation with Azure AD, the IAM policy for users will no longer be valid.

Summary:

To keep your AWS account secure, try to enable all the security features offered by AWS. Safeguard your passwords and access keys in a secure vault. Activate MFA on the root AWS account and try to limit root user access to resources. It is good practice to audit IAM users and their policies frequently. Ensure that all AWS accounts and resources are monitored to detect anomalies.