Skip to content

Latest commit

 

History

History
27 lines (23 loc) · 2.38 KB

root-mfa-enabled.md

File metadata and controls

27 lines (23 loc) · 2.38 KB

CloudSploit

AWS / IAM / Root MFA Enabled

Quick Info

Plugin Title Root MFA Enabled
Cloud AWS
Category IAM
Description Ensures a multi-factor authentication device is enabled for the root account
More Info The root account should have an MFA device setup to enable two-factor authentication.
AWS Link http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html
Recommended Action Enable an MFA device for the root account and then use an IAM user for managing services

Detailed Remediation Steps

  1. Log in to the AWS Management Console.
  2. Click on the AWS account name at the top on AWS management console and click on the "Security Credentials" from the menu.
  3. On "My security credentials" page scroll down and click on the "Multi-factor authentication (MFA)". Check the "Multi-factor authentication (MFA)" section for any active devices. If the "Assign MFA device" button is showing then a multi-factor authentication device is not enabled for the root account.
  4. On "My security credentials" page scroll down and click on the "Multi-factor authentication (MFA)" and click on the "Assign MFA device" button to enable a multi-factor authentication device.
  5. Select "Virtual MFA device" and click on "Continue" button.
  6. Now install the AWS MFA compatible application on mobile device or computer. Once the application is installed click on the "Show QR code" and scan the code with pre-installed application.
  7. Enter two consecutive MFA codes generated from application in "MFA code 1" and "MFA code 2" and click on the "Assign MFA" button.
  8. On successful setup you will get the message "You have successfully assigned virtual MFA".
  9. Now "Multi-factor authentication (MFA)" is enabled for the root account.
  10. Repeat steps number 2 to 8 to check another AWS account.