Introduction
As the adoption of cloud services continues to increase rapidly, so does the need to secure these services against unauthorized access. Amazon Web Services (AWS) is one of the leading cloud service providers globally, offering a wide range of computing, storage, and database solutions for individuals and businesses. AWS offers different methods of securing your account, one of which is Multi-Factor Authentication (MFA). In this tutorial, we will guide you on how to secure your AWS account with MFA.
What is Multi-Factor Authentication (MFA)?
MFA is a security feature that requires users to provide more than one type of authentication to access an account. It combines two or more of the following authentication factors:
1. Something you know – such as a password, PIN, or security question.
2. Something you have – such as a phone or a token.
3. Something you are – such as fingerprints or facial recognition.
In AWS MFA, the user provides the password as usual, but an authentication device is used to generate an additional security code. The second code is usually a six-digit number, valid for a short period, and it is required to complete the login process, thus making your account more secure.
Step-by-Step Guide to Setting up MFA on Your AWS Account
In this section, we will guide you through the process of setting up MFA on your AWS account. This guide has been divided into two sections, i.e., setting up MFA for the AWS root account and for individual IAM users.
Setting up MFA on the AWS Root Account
- Navigate to the AWS Management Console using your root account credentials.
- After successfully signing in to your console, click on your name or account name in the top-right corner of the navigation bar.
- Select the “My Security Credentials” option from the drop-down menu.
- If prompted to sign in again, provide your credentials and click the “Sign In” button to continue.
- On the Security Credentials page, locate the “Multi-factor authentication (MFA)” section, and click on “Manage MFA”.
- In the pop-up window, click on the “Continue” button.
- In the next screen, you'll be prompted to “Choose MFA type”, select the MFA device option, and click on “Continue”.
- In the “Assign MFA Device” screen, you can either use a virtual MFA device or a physical MFA device. If you choose the virtual MFA device, download the recommended app – Google Authenticator on your smartphone, or any other compatible application on your phone that meets the minimum requirements. Proceed with the installation, and once complete, use the camera on your phone to scan the QR code displayed on the screen, then enter the six-digit code displayed in the app in the “Authentication Code 1” field. Repeat this process, entering the next six-digit code generated by the app in “Authentication Code 2” field, then click on “Activate MFA” to complete the process.
- If you opt for a physical MFA device, proceed to order the device and configure it as instructed.
Setting up MFA on an Individual IAM User
In case you need to add MFA to an individual IAM user, follow the steps below:
1. Sign in to the AWS Management Console using your IAM credentials.
2. Navigate to the IAM dashboard and select “Users” from the left-hand side menu.
3. Click on the username to which you'd like to assign an MFA device.
4. In the “Security Credentials” tab, scroll down to the “Multi-factor authentication (MFA)” section and click on “Manage MFA”.
5. In the next screen, select the MFA device of your preference, whether virtual or physical. For virtual MFA devices, download the app on your smartphone, or for physical devices, order the device and configure it following the instructions provided.
6. After completing the setup process, test that the MFA device works for the user by signing out of the AWS Management Console and then signing back in as the IAM user. The IAM user should sign in to the AWS Management Console, enter their username and password along with the MFA code from their device when prompted, and then click “Sign In.”
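To confirm the result of both procedures across the whole account, the IAM credential report (a CSV that AWS generates per account) carries an `mfa_active` column for the root account and for every IAM user. The script below is an added example, not part of the original tutorial; the sample report is constructed and trimmed to the columns the check uses, and the severity labels are this example's own.

```python
import csv
import io

# Constructed sample in the layout of an IAM credential report.
# Real reports carry more columns; only the ones used here are kept.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false
bob,arn:aws:iam::111122223333:user/bob,true,false,true
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true
"""


def _flag(value):
    """Report cells hold 'true'/'false' or markers such as 'not_supported'."""
    return value.strip().lower() == "true"


def audit_mfa(report_csv):
    """Return (severity, user, reason) tuples for identities without MFA."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if _flag(row["mfa_active"]):
            continue  # an MFA device is assigned, nothing to report
        if user == "<root_account>":
            # The root row is judged by name: its password_enabled cell
            # is not always a plain true/false value.
            findings.append(("critical", user, "root account has no MFA device"))
        elif _flag(row["password_enabled"]):
            findings.append(("high", user, "console password without MFA"))
        elif _flag(row.get("access_key_1_active", "false")):
            # No console sign-in, so the console MFA prompt never applies.
            findings.append(("info", user, "access keys only, no console sign-in"))
    return findings


if __name__ == "__main__":
    for severity, user, reason in audit_mfa(SAMPLE_REPORT):
        print(f"{severity:8} {user:16} {reason}")
```

Run it against a downloaded report by passing the file contents to `audit_mfa` in place of `SAMPLE_REPORT`.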
Conclusion
In this tutorial, we have looked at the Multi-Factor Authentication (MFA) feature offered by AWS as a security measure to protect your account from unauthorized access. MFA is crucial as it adds an extra layer of security to ensure that the user logging in to your account has access to both the password and the MFA device. We went through the process of setting up MFA on both the root account and an individual IAM user. By following these steps, you can better secure your AWS account and data.