~ 3 min read

How to enable MFA for AWS Root user

Multi factor authentication (MFA) provides an additional layer of security and must be enabled whenever possible. In this article we go through the detailed steps to enable MFA for an AWS account Root user.

A root user has the highest privilege in an AWS account, hence it is important to secure it properly. An attacker with access to the Root user’s password could take over the entire AWS account.

As a security best practice, Multi Factor Authentication (MFA) must be enabled as it provides an additional layer of security. An attacker would not be able to login to an account even if they had the password as the account would require a multi factor authentication token to complete the login process.

This article provides a step by step walkthrough of how to enable MFA for your AWS Root user.

‍

Enable MFA for Root User

You can see a quick video of how this is done by following the steps in this video:

‍

‍

To enable MFA for the Root User, follow the steps below:

  1. Sign in to the AWS management console using the account root user credentials
  2. Navigate to the IAM service

‍

Navigate to the IAM service‍

  1. On the IAM Dashboard, check if MFA is enabled or not. In the picture below we can see that MFA  has not been enabled for the root user

‍

On the IAM Dashboard, check if MFA is enabled or not. In the picture below we can see that MFA  has not been enabled for the root user‍

  1. To enable MFA, click on Add MFA

‍

To enable MFA, click on Add MFA‍

  1. This will open a new tab. In the new tab, click on Activate MFA

‍

This will open a new tab. In the new tab, click on Activate MFA‍

  1. This will show a pop up with three options. You can select any one. In this article we will select the Virtual MFA device option and click on Continue

‍

This will show a pop up with three options. You can select any one. In this article we will select the Virtual MFA device option and click on Continue‍

  1. If you have the option of scanning QR code, click on Show QR code and scan it to proceed with the set up. You can also set it up using the secret key. Click on show secret key, copy the key, and set up the MFA device.

‍

If you have the option of scanning QR code, click on Show QR code and scan it to proceed with the set up

  1. Now provide two consecutive MFA codes and click on Assign MFA. This will set up the virtual MFA device

‍

Now provide two consecutive MFA codes and click on Assign MFA. This will set up the virtual MFA device‍

  1. To verify the success of the setting change, go back to the IAM dashboard and refresh the tab to confirm if the MFA has been successfully setup

‍

To verify the success of the setting change, go back to the IAM dashboard and refresh the tab to confirm if the MFA has been successfully setup‍

***

‍

This article is brought to you by Kloudle Academy, a free e-resource compilation, created and curated by Kloudle. Kloudle is a cloud security management platform that uses the power of automation and simplifies human requirements in cloud security. Receive alerts for Academy by subscribing here.

;