Security is not a joke. Once your AWS account is compromised by some bad actors, it becomes a critical breach that may affect your business continuity. As described clearly by AWS in its Shared Responsibility Model (https://aws.amazon.com/compliance/shared-responsibility-model/), security is a responsibility of both AWS and you, the end users. AWS takes extreme and continuous measures in this regard by complying to various industry security standards and certifications. You as AWS administrator too has a crucial role to play in ensuring the security of your infrastructure that are hosted on AWS.
One best way to start is by strengthening the access security by implementing multi-factor authentication (MFA) to the AWS accounts that are managed by you. By enabling MFA, hackers would not be able to access your account with just having the account password alone. A bad actor would also then require to access to the user’s MFA app’s on a secondary device (typically a mobile phone) which cannot be achieved easily. The MFA instantly fortifies the security to your infrastructure on AWS significantly.
Here are the steps to enable MFA for your AWS account:
Go to IAM page in AWS Console then click on
Users menu on the left sidebar
Choose an account that should be MFA enabled. Under the
Security Credentials tab, click on
Manage next to
Assigned MFA Device
There are currently three different options offered by AWS. We will choose
Virtual MFA Device in this article.
You have to install the MFA app on your secondary device e.g. your mobile phone. For example, Authy is one of the popular MFA apps available for free and it has capabilities to sync across your MFA devices. You may also explore the MFA apps recommended by AWS in the following screen. Let’s assume that you use Authy in this instance.
Show QR Code to reveal the QR Code
Now go to your device. Open Authy then tap on
Add New Account. It would ask you to scan QR Code from your MFA enabled account. Scan the QR code displayed on your screen and follow the next steps to complete this process.
Enter two MFA codes generated by your MFA app consecutively twice to each of the field as displayed. Click on
You should see the following message if you have sucessfully completed this process.
Let’s test it. Log out from your AWS account and try to login again. You will now be asked to enter your MFA code after you entered your password to log onto AWS Console.
Congratulations! That’s how you can easily enhance access security to your AWS infrastructure.