Medium IAM

MFA should be enabled for all IAM users

CIS

Description

This check ensures that MFA is enabled for all IAM users.


Remediation

To enable MFA for IAM users, follow these steps:

Steps

  1. Sign in to the AWS Management Console with an account that has IAM permissions.
  2. Open the IAM console at https://console.aws.amazon.com/iam/.
  3. In the navigation pane, click on 'Users'.
  4. Choose the IAM user for whom you want to enable MFA.
  5. Under the 'Security credentials' tab, in the 'Assigned MFA device' section, click on 'Manage'.
  6. Choose the type of MFA device to assign (virtual or hardware), and then follow the on-screen instructions to activate the MFA device.
  7. If using a virtual MFA device, use an MFA application to scan the QR code or enter the configuration key, then enter two consecutive MFA codes from the application to finalize setup.
  8. Confirm that the MFA device is successfully associated with the IAM user.
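To confirm the result for every user at once instead of one at a time, the same check can be run over the IAM credential report (the CSV returned by `aws iam get-credential-report` after base64-decoding its `Content` field). The script below is an added example, not part of the original check; the embedded report is constructed sample data, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample in the credential report's CSV layout, trimmed to the
# columns used here. User names and the account ID are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false
bob,arn:aws:iam::111122223333:user/bob,true,false,true
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true
"""


def users_without_mfa(report_csv):
    """Return [(user, has_console_password)] for IAM users with no MFA device."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row.get("user") == "<root_account>":
            continue  # the root row is not an IAM user, so this check skips it
        # Fail closed: a missing or unexpected value counts as "MFA not enabled".
        if row.get("mfa_active", "").strip().lower() != "true":
            has_password = row.get("password_enabled", "").strip().lower() == "true"
            findings.append((row["user"], has_password))
    # List console-password users first, then sort by name for stable output.
    return sorted(findings, key=lambda f: (not f[1], f[0]))


def check_passes(report_csv):
    """The check passes only when no IAM user lacks MFA."""
    return not users_without_mfa(report_csv)


if __name__ == "__main__":
    for user, has_password in users_without_mfa(SAMPLE_REPORT):
        kind = "console password" if has_password else "no console password"
        print(f"FAIL {user}: MFA not enabled ({kind})")
    print("PASS" if check_passes(SAMPLE_REPORT) else "CHECK FAILED")
```

Each user it lists can then be taken through the steps above.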

Compliance

CIS