Tuesday, October 29, 2013

Enabling MFA on your AWS account

One of the key components of cloud security, and a topic we are asked about all the time, is the use of multi-factor authentication (MFA). MFA is considered more secure than a simple user name and password because it requires anyone logging in to have both something they know (user name and password) and something they have (the MFA device).

Implementing MFA on the Root Account is even more important to ensure the integrity of the entire environment.  JHC Technology always recommends protecting the Root Account.  To do this, we create various security groups and users under the Root Account.  Access is then controlled by the security groups and IAM users.  For more on IAM and assigning permissions, please click here.

MFA devices can either be physical or virtual.  For this entry, I’m going to walk you through the steps to implement an Android virtual MFA with an Amazon Web Services (AWS) account.

This entry does not cover the creation of an AWS account.  If you haven’t created an account, visit http://aws.amazon.com.  Before we get started, it’s also important to have downloaded and installed two applications:  AWS Virtual MFA and ZXing Barcode Scanner (both are free).  Before beginning, I highly encourage the review of the MFA FAQs, located here.

Let’s get started:
  1. Sign in to your AWS account.
  2. Select IAM from the Management Console.  
  3. Under Security Status, you will see that the Root Account MFA is Disabled.  Click on “Manage MFA Device”.  
  4. We are activating a virtual MFA device.  Ensure this option is selected and click Continue.  
  5. Since we have already installed the AWS MFA-compatible application, select Continue.   
  6. The next screen is where you need to use your Virtual MFA Device.  Do not close this window.
  7. Launch the AWS Virtual MFA from your Android device.
  8. Click on your device’s menu button and select Scan QR Code.
  9. Once this code is scanned, it will present your associated account on the MFA application.
  10. Now you are prepared to finish authorizing your device.  Looking back at your browser window, you will see that in order to synchronize the device, you need to enter two consecutive Authentication Codes.  You will use your Virtual MFA to generate these codes.
  11. Tap the account name on your Virtual MFA.  It will generate a six-digit code.
  12. Enter this code into Authentication Code 1 in your browser.  
  13. Tap your account name on the Virtual MFA to generate another six-digit code. If it’s the same code, you’ll need to tap the name again until the code changes.  Keep in mind that the codes need to be consecutive, so you can’t wait five minutes in between entering codes.  
  14. Once you generate the next code, enter that into the browser under Authentication Code 2.  Once you’ve done this, select Continue.
  15. If you have entered the consecutive codes appropriately, you will get validation.  Click Finish.  
  16. Now you need to test the MFA authentication.   
  17. Log out of your account.
  18. Begin the process of signing back into your account.  Once you have entered your associated email address and password, you will be prompted by a second screen.  
  19. Open your Virtual MFA application and tap the associated account.  This will generate your six-digit code to enter.  Enter that number in the Authentication Code field and then click the link to sign in.
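
Steps 10 through 14 ask for two consecutive codes because the virtual MFA app and AWS each derive a time-based code (TOTP, RFC 6238) from a shared secret that the QR code delivers. The sketch below is an added example, not AWS's code and not part of the original post; the sample QR payload, the `sync_ok` check and its drift window are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

STEP = 30    # seconds each code is valid (RFC 6238 default)
DIGITS = 6   # length of the code the app displays

# Constructed sample QR payload in the common otpauth key-URI format.
# The secret is the published RFC 6238 test key, not a real credential.
SAMPLE_QR = "otpauth://totp/example-root?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def secret_from_qr(uri):
    """Return the Base32 shared secret carried by the scanned QR code."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP key URI")
    return parse_qs(parsed.query)["secret"][0]


def totp(secret_b32, unix_time):
    """RFC 6238 code (HMAC-SHA-1) for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def sync_ok(secret_b32, code1, code2, server_time, drift_steps=1):
    """Hypothetical server-side check (an assumption, not AWS's code):
    accept only codes for two adjacent steps close to the server clock."""
    now = server_time // STEP
    for step in range(now - drift_steps, now + drift_steps + 1):
        first = totp(secret_b32, step * STEP)
        second = totp(secret_b32, (step + 1) * STEP)
        if hmac.compare_digest(first, code1) and hmac.compare_digest(second, code2):
            return True
    return False


if __name__ == "__main__":
    secret = secret_from_qr(SAMPLE_QR)
    t = 1111111109                       # RFC 6238 test timestamp
    c1, c2 = totp(secret, t), totp(secret, t + STEP)
    print(c1, c2, sync_ok(secret, c1, c2, t + STEP))      # adjacent codes pass
    print(sync_ok(secret, c1, c1, t + STEP))              # same code twice fails
    print(sync_ok(secret, c1, c2, t + 300))               # five minutes late fails
```

Anyone who captures the QR code or the secret inside it can generate valid codes, so treat a screenshot or printout of the step 6 screen like a password.
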
Setting up MFA on your root account is a security best practice that is monitored by AWS’s Trusted Advisor (available to customers with Business Level support) and by third-party products such as CloudCheckr.

A few additional notes:

Matt Jordan is the Cloud Services Manager for JHC Technology.  He can be reached at mjordan(at)jhctechnology.com, @matt_jhc, or connect with him on LinkedIn.




