How to Enable MFA in AWS?
Last Updated: 15 Apr, 2025
In today's digital landscape, ensuring the security of your cloud infrastructure is paramount. One effective way to bolster security is to implement Multi-Factor Authentication (MFA) in AWS. MFA requires users to provide two or more verification factors to gain access to their AWS accounts, which makes it significantly harder for unauthorized individuals to compromise your system. In short, it adds an extra layer of protection on top of your user name and password.
Terminologies
Before diving into the steps for enabling Multi-Factor Authentication in AWS, let's understand some primary terminologies:
- Multi-Factor Authentication (MFA): A security system that requires more than one method of authentication to verify the user's identity for a login or other transaction. This typically involves something you know (password) and something you have (a mobile device or hardware token or fingerprint).
- AWS Identity and Access Management (IAM): A service that helps you securely control access to AWS services and resources for your users. With IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
- Virtual MFA Device: A software-based authentication method that uses a virtual device, like an app on your smartphone, to generate time-based one-time passwords (TOTP) for MFA. Examples of virtual MFA devices are Google Authenticator and Microsoft Authenticator.
- Hardware MFA Device: A physical device that generates TOTP for MFA. This is a dedicated hardware device provided by AWS or third-party vendors. Example: Gemalto.
- U2F Security Key: Universal 2nd Factor (U2F) is a hardware-based authentication method that provides a secure way to protect your AWS accounts. U2F security keys are small USB or NFC devices that you physically insert into your computer or tap on a supported device to complete the authentication process. An example of a U2F device is YubiKey.
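How a virtual or hardware MFA device derives its TOTP codes, shown as an added example that is not part of the original article: a standard-library RFC 6238 generator, plus a check that two codes come from adjacent 30-second windows, which is what entering two consecutive codes during enrollment demonstrates. The `verify_consecutive` helper and its drift window are illustrative assumptions, not AWS's server-side logic, and the key is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by the authenticator app


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int) -> str:
    """RFC 6238: HOTP whose counter is the number of STEP-second windows since epoch."""
    return hotp(key, unix_time // STEP)


def decode_secret(b32_secret: str) -> bytes:
    """Decode the Base32 secret key offered as the manual alternative to the QR code."""
    cleaned = b32_secret.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify_consecutive(key: bytes, code1: str, code2: str,
                       unix_time: int, drift_steps: int = 2) -> bool:
    """Hypothetical enrollment check: code1 and code2 must come from adjacent
    windows within drift_steps of the verifier's clock."""
    now = unix_time // STEP
    for counter in range(now - drift_steps, now + drift_steps + 1):
        first_ok = hmac.compare_digest(hotp(key, counter), code1)
        second_ok = hmac.compare_digest(hotp(key, counter + 1), code2)
        if first_ok and second_ok:
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 Appendix B test key (published test data, not a real secret).
    key = decode_secret("GEZDGNBVGY3TQOJQ GEZDGNBVGY3TQOJQ")
    t = 1111111109
    print(totp(key, t), totp(key, t + STEP))
    print(verify_consecutive(key, totp(key, t), totp(key, t + STEP), t + STEP))
```

Because the code depends only on the shared secret and the clock, anyone who obtains the secret key or a copy of the QR code can generate valid codes, so treat both like a password.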
Step-by-Step Process to Enable MFA in AWS
Enabling MFA in AWS is a straightforward process that can be broken down into a few key steps:
Step 1: Sign in to the AWS Management Console
Navigate to the AWS Management Console.
Log in using your AWS root account credentials. If you are an IAM user, you need sufficient privileges to manage MFA settings.
Step 2: Access the IAM Dashboard
Once logged in, locate the IAM service from the AWS Management Console. This can be found under Security, Identity, & Compliance. Click on Users in the IAM dashboard to see a list of IAM users associated with your account.
Step 3: Select the User for MFA
Choose the specific user for whom you want to enable MFA. On the user summary page, click on the Security credentials tab.
Step 4: Manage MFA Device
Under the Multi-Factor Authentication (MFA) section, click on Manage.
You will be prompted to choose between a virtual MFA device, a U2F security key, or a hardware MFA device. A U2F security key or hardware MFA device requires special hardware devices like USB, Gemalto or YubiKey. That's why we are going with the virtual MFA device.
Step 5: Set Up Virtual MFA Device (Using AWS Virtual MFA App)
- Install an MFA App: If you choose a virtual MFA device, you will need an app like Google Authenticator, Authy, or the AWS Virtual MFA app on your smartphone.
- Activate the Device: Open the MFA app and use it to scan the QR code provided by AWS. Alternatively, you can manually enter the secret key.
- Validate: The MFA app will start generating 6-digit codes. Enter two consecutive codes into the AWS console to validate the device.
- Finish: Once validated, the MFA is enabled for the user.
Step 6: Confirm and Test
After successfully enabling MFA, ensure that it works by signing out and logging back in. You will be prompted to enter the MFA code in addition to your password. You will receive the authentication code on your mobile device, and after entering the MFA code you will be logged in.
Example For MFA in AWS
For instance, imagine a scenario where your root account credentials have been compromised. Without MFA enabled, the intruder could access your AWS resources, causing potential damage. However, with MFA enabled, they would also need access to your MFA device, providing a critical line of defense.
Conclusion
Enabling MFA in AWS is a crucial step in securing your cloud environment. By following the steps outlined above, you can ensure that your AWS accounts are protected against unauthorized access. Always remember to test your MFA setup after enabling it to confirm everything is functioning correctly.