This guide will help you set up a virtual MFA device for your AWS account in less than 5 minutes!
What is MFA?
MFA stands for multi-factor authentication. It is a simple way to add an extra layer of protection on top of your user name and password.
In other words:
MFA requires that a user signs in with their user name and password (the first factor) and a token MFA token (the second factor—what they have). Together, these multiple factors provide increased security for your AWS account settings and resources.
What is a virtual MFA device?
A Virtual MFA device is an application that runs on your existing smartphone or tablet. You can install a virtual MFA device from your application store.
The Virtual MFA application uses the open TOTP standard to generate a time-based one-time password (known as tokens).
The most common virtual MFA applications are Google Authenticator, Authy 2-Factor Authentication and Microsoft Authenticator.
You can also choose another virtual MFA application if you desire.
Step to setup a virtual MFA device for your AWS account
This guide mostly focusses on IAM users. Consequently, Root users must read this guide and then start the MFA setup from a different link. However, the steps are primarily the same for both types of users.
Step 1 - Download one of the following apps to your phone.
Use one of these links to download your preferred app from your app store.
|Android||Google Authenticator; Authy 2-Factor Authentication|
|iPhone||Google Authenticator; Authy 2-Factor Authentication|
Step 2 - Login to the AWS console by clicking on the following link: https://signin.aws.amazon.com/console.
Step 3 - Click on your account menu, click on ‘My Security Credentials'.
Step 4 – On the ‘my security credentials’ page, click on the ‘Assign MFA device’ button.
Step 5 – Select the ‘Virtual MFA device’ option; click on the ‘Continue’ button.
Step 6 – follow the ‘Manage MFA device’ setup steps.
Use the virtual MFA application you installed in step 1.
Click on ‘Show QR code’.
Scan the QR code.
Enter two consecutive MFA codes from your virtual MFA device.
Click on the ‘Assign MFA’ button.
Note: You MFA application will allow you to add other MFA accounts. You do not need to add your Gmail account to Google Authenticator if you do not want to.
Finally, you will see the following popup on successful completion:
Information for root account users
Log out and log in to the AWS management console using your ‘root access’ account details.
Navigate to the ‘Identity and Access Management (IAM)’ dashboard.
Find the ‘Activate MFA on your root account’ dropdown in the' Security Status' section.
And then, click on the ‘manage MFA’ button.
The instructions to setup MFA will be similar to the previous steps that you followed.
You now know how to set up a virtual MFA device for your AWS account. Enabling MFA goes a longs way to secure your account.
You may also be interested in
About the Authors
Anto's editorial team loves the cloud as much as you! Each member of Anto's editorial team is a Cloud expert in their own right. Anto Online takes great pride in helping fellow Cloud enthusiasts. Let us know if you have an excellent idea for the next topic! Contact Anto Online if you want to contribute.
Support the Cause
Support Anto Online and buy us a coffee. Anything is possible with coffee and code.