How to set up MFA for your AWS account

Security is a shared responsibility

This guide will help you set up a virtual MFA device for your AWS account in less than 5 minutes!

What is MFA?

MFA stands for multi-factor authentication. It is a simple way to add an extra layer of protection on top of your user name and password.

In other words:

MFA requires that a user signs in with their user name and password (the first factor) and a token MFA token (the second factor—what they have). Together, these multiple factors provide increased security for your AWS account settings and resources.

What is a virtual MFA device?

A Virtual MFA device is an application that runs on your existing smartphone or tablet. You can install a virtual MFA device from your application store.

The Virtual MFA application uses the open TOTP standard to generate a time-based one-time password (known as tokens).

The most common virtual MFA applications are Google Authenticator, Authy 2-Factor Authentication and Microsoft Authenticator.

You can also choose another virtual MFA application if you desire.

Step to setup a virtual MFA device for your AWS account

This guide mostly focusses on IAM users. Consequently, Root users must read this guide and then start the MFA setup from a different link. However, the steps are primarily the same for both types of users.

Step 1 - Download one of the following apps to your phone.

Use one of these links to download your preferred app from your app store.

Android Google AuthenticatorAuthy 2-Factor Authentication
iPhone Google AuthenticatorAuthy 2-Factor Authentication
Windows Phone Authenticator

Step 2 - Login to the AWS console by clicking on the following link: https://signin.aws.amazon.com/console.

Step 3 - Click on your account menu, click on ‘My Security Credentials'.

Step 4 – On the ‘my security credentials’ page, click on the ‘Assign MFA device’ button.

Step 5 – Select the ‘Virtual MFA device’ option; click on the ‘Continue’ button.

Step 6 – follow the ‘Manage MFA device’ setup steps.

Use the virtual MFA application you installed in step 1.

Click on ‘Show QR code’.

Scan the QR code.

Enter two consecutive MFA codes from your virtual MFA device.

Click on the ‘Assign MFA’ button.

Note: You MFA application will allow you to add other MFA accounts. You do not need to add your Gmail account to Google Authenticator if you do not want to.

Finally, you will see the following popup on successful completion:

Information for root account users

Log out and log in to the AWS management console using your ‘root access’ account details.

Navigate to the ‘Identity and Access Management (IAM)’ dashboard.

Find the ‘Activate MFA on your root account’ dropdown in the' Security Status' section.

And then, click on the ‘manage MFA’ button.

The instructions to setup MFA will be similar to the previous steps that you followed.

Wrapping up

You now know how to set up a virtual MFA device for your AWS account. Enabling MFA goes a longs way to secure your account.

You may also be interested in



About the Authors

Anto's editorial team loves the cloud as much as you! Each member of Anto's editorial team is a Cloud expert in their own right. Anto Online takes great pride in helping fellow Cloud enthusiasts. Let us know if you have an excellent idea for the next topic! Contact Anto Online if you want to contribute.

Support the Cause

Support Anto Online and buy us a coffee. Anything is possible with coffee and code.

Buy me a coffee



Leave a Reply

Your email address will not be published. Required fields are marked *