One of the key components of cloud security, and a question we hear all the time, is the use of multi-factor authentication (MFA). MFA is considered more secure than a simple user name and password because it requires anyone logging in to have both something they know (user name and password) and something they have (an MFA device).
Implementing MFA on the Root Account is even more important to ensure the integrity of the entire environment. JHC Technology always recommends protecting the Root Account. To do this, we create various security groups and users under the Root Account. Access is then controlled by the security groups and IAM users. For more on IAM and assigning permissions, please click here.
MFA devices can be either physical or virtual. For this entry, I’m going to walk you through the steps to implement an Android virtual MFA with an Amazon Web Services (AWS) account.
This entry does not cover the creation of an AWS account. If you haven’t created an account, visit http://aws.amazon.com. Before we get started, you also need to download and install two applications: AWS Virtual MFA and ZXing Barcode Scanner (both are free). Before beginning, I highly encourage you to review the MFA FAQs, located here.
Let’s get started:
- Sign in to your AWS Account:
- Select IAM from the Management Console.
- Under Security Status, you will see that the Root Account MFA is Disabled. Click on “Manage MFA Device”.
- We are activating a virtual MFA device. Ensure this option is selected and click Continue.
- Since we have already installed the AWS MFA-compatible application, select Continue.
- You will be prompted by the following screen, which is where you need to utilize your Virtual MFA Device. Do not close this window.
- Launch the AWS Virtual MFA from your Android device.
- Click on your device’s menu button and select Scan QR Code.
- Once this code is scanned, it will present your associated account on the MFA application.
- Now you are ready to finish authorizing your device. Looking back at your browser window, you will see that in order to synchronize the device, you need to enter two consecutive Authentication Codes. You will use your Virtual MFA to generate these codes.
- Tap the account name on your Virtual MFA. It will generate a six-digit code such as this:
- Enter this code into Authentication Code 1 in your browser.
- Tap your account name on the Virtual MFA to generate another six-digit code. If it’s the same code, you’ll need to tap the name again until the code changes. Keep in mind that the codes need to be consecutive, so you can’t wait five minutes in between entering codes.
- Once you generate the next code, enter that into the browser under Authentication Code 2. Once you’ve done this, select Continue.
- If you have entered the consecutive codes appropriately, you will get validation. Click Finish.
- Now you need to test the MFA authentication.
- Log out of your account.
- Begin the process of signing back into your account. Once you have entered your associated email address and password, you will be prompted by a second screen.
- Open your Virtual MFA application and tap the associated account. This will generate your six-digit code to enter. Enter that number in the Authentication Code field and then click the link to sign-in.
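The two consecutive codes in the synchronization step, as an added example that is not part of the original post: virtual MFA apps implement the standard TOTP algorithm (RFC 6238), which produces one code per 30-second window, so a repeated code or a long pause between codes fails the pairing. The secret and timestamp are the RFC 6238 test values, and `sync_device` is a hypothetical illustration of a server-side check, not AWS's actual implementation.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (RFC 6238 default)
# Constructed sample secret: the RFC 6238 test key, not a real AWS seed.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def find_step(secret: bytes, code: str, now: int, drift: int = 2):
    """Return the time step whose code matches, allowing +/- drift steps of clock skew."""
    base = now // STEP
    for delta in range(-drift, drift + 1):
        if hmac.compare_digest(totp(secret, (base + delta) * STEP), code):
            return base + delta
    return None


def sync_device(secret: bytes, code1: str, code2: str, now: int) -> bool:
    """Hypothetical server-side check: code2 must come from the step right after code1."""
    step1 = find_step(secret, code1, now)
    if step1 is None:
        return False
    return hmac.compare_digest(totp(secret, (step1 + 1) * STEP), code2)


if __name__ == "__main__":
    now = 1111111111  # constructed timestamp from the RFC 6238 test vectors
    first, second = totp(SECRET, now - STEP), totp(SECRET, now)
    print(first, second, sync_device(SECRET, first, second, now))
    print("same code twice:", sync_device(SECRET, first, first, now))
```
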
Setting up MFA on your root account is a security best practice that is monitored by AWS’s Trusted Advisor (available to customers with Business Level support) and by third-party products such as CloudCheckr.
A few additional notes:
- MFA access can also be assigned to individual IAM users. MFA is not just for the Root Account.
- Each Virtual MFA device can support only one MFA account. Read more about this here.
- For AWS GovCloud accounts, Virtual MFA devices are the only option. GovCloud does not currently support hardware MFA devices.
- If you lose your device, or experience other problems with an account that has MFA enabled, you will need to contact AWS to get the issue resolved.
Matt Jordan is the Cloud Services Manager for JHC Technology. He can be reached at mjordan(at)jhctechnology.com, @matt_jhc, or connect with him on LinkedIn.