How to set up MFA for your AWS account

This guide will help you set up a virtual MFA device for your AWS account in less than 5 minutes!

What is MFA?

MFA stands for multi-factor authentication. It is a simple way to add an extra layer of protection on top of your user name and password.

In other words:

MFA requires that a user signs in with their user name and password (the first factor) and an MFA token (the second factor: what they have). Together, these multiple factors provide increased security for your AWS account settings and resources.

What is a virtual MFA device?

A Virtual MFA device is an application that runs on your existing smartphone or tablet. You can install a virtual MFA device from your application store.

The virtual MFA application uses the open TOTP standard to generate time-based one-time passwords (known as tokens).

The most common virtual MFA applications are Google Authenticator, Authy 2-Factor Authentication and Microsoft Authenticator.

You can also choose another virtual MFA application if you desire.

Steps to set up a virtual MFA device for your AWS account

This guide mostly focusses on IAM users. Consequently, Root users must read this guide and then start the MFA setup from a different link. However, the steps are primarily the same for both types of users.

Step 1 – Download one of the following apps to your phone.

Use one of these links to download your preferred app from your app store.

Android: Google Authenticator, Authy 2-Factor Authentication
iPhone: Google Authenticator, Authy 2-Factor Authentication
Windows Phone: Authenticator

Step 2 – Log in to the AWS console by clicking on the following link: https://signin.aws.amazon.com/console.

Step 3 – Click on your account menu, click on ‘My Security Credentials’.

Step 4 – On the ‘My Security Credentials’ page, click on the ‘Assign MFA device’ button.

Step 5 – Select the ‘Virtual MFA device’ option; click on the ‘Continue’ button.

Step 6 – Follow the ‘Manage MFA device’ setup steps.

Use the virtual MFA application you installed in step 1.

Click on ‘Show QR code’.

Scan the QR code.

Enter two consecutive MFA codes from your virtual MFA device.

Click on the ‘Assign MFA’ button.

Note: Your MFA application will allow you to add other MFA accounts. You do not need to add your Gmail account to Google Authenticator if you do not want to.

Finally, you will see a popup confirming successful completion.
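
How the app produces the codes entered in step 6, as an added example that is not part of the original guide or AWS's own code: a TOTP (RFC 6238) generator in Python that returns two consecutive codes from adjacent 30-second windows. `SAMPLE_SECRET` is a constructed test key and `verify_pair` is a hypothetical server-side check written for illustration; the page does not describe how AWS validates the codes.

```python
import base64
import hashlib
import hmac
import time

STEP = 30    # seconds per time window (RFC 6238 default)
DIGITS = 6   # code length shown by common authenticator apps

# Constructed sample secret: base32 of the RFC test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, at: float) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / STEP)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    return hotp(base64.b32decode(padded), int(at) // STEP)


def consecutive_codes(secret_b32: str, at: float):
    """Code for the current window and the code the app shows next."""
    return totp(secret_b32, at), totp(secret_b32, at + STEP)


def verify_pair(secret_b32, code1, code2, at, drift_windows=1):
    """Hypothetical check: accept only codes from two adjacent windows near 'at'."""
    for drift in range(-drift_windows, drift_windows + 1):
        t = at + drift * STEP
        ok1 = hmac.compare_digest(totp(secret_b32, t), code1)
        ok2 = hmac.compare_digest(totp(secret_b32, t + STEP), code2)
        if ok1 and ok2:
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    first, second = consecutive_codes(SAMPLE_SECRET, now)
    print("code 1:", first, "code 2:", second)
    print("pair accepted:", verify_pair(SAMPLE_SECRET, first, second, now))
```

Each code depends only on the shared secret in the QR code and the current time, so the QR code should be protected like a password and the phone's clock must be roughly correct for the codes to be accepted.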

Information for root account users

Log out and log in to the AWS management console using your ‘root access’ account details.

Navigate to the ‘Identity and Access Management (IAM)’ dashboard.

Find the ‘Activate MFA on your root account’ dropdown in the ‘Security Status’ section.

And then, click on the ‘manage MFA’ button.

The instructions to set up MFA will be similar to the previous steps that you followed.

Wrapping up

You now know how to set up a virtual MFA device for your AWS account. Enabling MFA goes a long way toward securing your account.


About Anto Online

Anto, a seasoned technologist with over two decades of experience, has traversed the tech landscape from Desktop Support Engineer to enterprise application consultant, specializing in AWS serverless technologies. He guides clients in leveraging serverless solutions while passionately exploring cutting-edge cloud concepts beyond his daily work. Anto's dedication to continuous learning, experimentation, and collaboration makes him a true inspiration, igniting others' interest in the transformative power of cloud computing.
