AWS IAM: Activate Multi-factor Authentication on Root Account


In the previous post, we have seen how to Customize IAM users Sign-in Link. In this post we will see how to Activate Multi-factor Authentication on Root Account.

The most important part of this Dashboard is Security status. If we are using IAM for the first time and we haven’t configured it before than there will be warnings in Security Status section as shown in the figure.  So our immediate steps should be to clear all warnings in the security section. Isn’t it?

Let’s do it.

Click on the dropdown near “Activate MFA on your  root account” and click on “Manage MFA”

In the dialogue box, we can select either of the option based on our feasibility. Though A virtual MFA device option is more popular considering the options and ease it provides in configuration.

So we select A virtual MFA device and click on Next Step. Before that click on AWS Multi-Factor Authentication Link to get more details on the supported MFA devices.

On https://aws.amazon.com/mfa, go to the section “Virtual MFA Applications” and verify the applications for Android, iPhone, Windows Phone, and Blackberry for authentication enablement.

In our case, we have Android phone so we can select either AWS Virtual MFA or Google Authenticator.

In our case we will use Google Autheticator https://support.google.com/accounts/answer/1066447?hl=en

Just for reference, visit http://www.amazon.com/gp/product/B0061MU68M to know about AWS Virtual MFA

Next step is to install AWS MFA compatible application on Smartphone so we will go to Android Playstore and install Google Authenticator application. Once we install the Virtual MFA Application, Let’s click on Next step.

It will open a dialogue box with Bar code symbol or Security code number. Enter that security code in Google Authenticator Application. Once the security code is properly configured, we will get the message “The MFA device was successfully associated.”

Now, it is the time to see first ray of hope in our security section. Traffic Signal is on for MFA configuration. See the Green light if you don’t agree!

In the Next post of this series, we will discuss about how to Manage Users.

Leave a comment

Your email address will not be published. Required fields are marked *