Medium IAM

MFA should be enabled for all IAM users that have a console password

CIS

Description

Checks if MFA is enabled for all IAM users that have a console password.


Remediation

To enable MFA for IAM users with a console password, follow these steps:

Steps

  1. Sign in to the AWS Management Console with an account that has IAM permissions.
  2. Open the IAM console at https://console.aws.amazon.com/iam/.
  3. In the navigation pane, click on 'Users'.
  4. Choose the IAM user who has a console password and for whom you want to enable MFA.
  5. Under the 'Security credentials' tab, in the 'Assigned MFA device' section, click on 'Manage'.
  6. Choose the type of MFA device to assign (virtual or hardware), and then follow the on-screen instructions to activate the MFA device.
  7. If using a virtual MFA device, use an MFA application to scan the QR code or enter the configuration key, then enter two consecutive MFA codes from the application to finalize setup.
  8. Confirm that the MFA device is successfully associated with the IAM user.
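The check described above, and the confirmation in step 8, can be run across every user at once from the IAM credential report. The following is an added example, not this tool's own code. It assumes the report CSV has been downloaded (for example with `aws iam generate-credential-report` followed by `aws iam get-credential-report`) and reads its `user`, `password_enabled` and `mfa_active` columns; the sample rows and user names are constructed.

```python
import csv
import io

# Constructed sample in the layout of the IAM credential report CSV,
# trimmed to the columns this check reads. User names are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true
alice,arn:aws:iam::111122223333:user/alice,true,true
bob,arn:aws:iam::111122223333:user/bob,true,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false
carol,arn:aws:iam::111122223333:user/carol,TRUE,FALSE
"""

REQUIRED_COLUMNS = ("user", "password_enabled", "mfa_active")


def console_users_without_mfa(report_csv):
    """Return the IAM users that have a console password but no active MFA."""
    reader = csv.DictReader(io.StringIO(report_csv))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError("credential report is missing columns: %s" % missing)

    failing = []
    for row in reader:
        # Only the literal value "true" counts as a console password. The root
        # row carries "not_supported" here, so it is never flagged by this check.
        has_password = row["password_enabled"].strip().lower() == "true"
        has_mfa = row["mfa_active"].strip().lower() == "true"
        if has_password and not has_mfa:
            failing.append(row["user"])
    return failing


def evaluate(report_csv):
    """Summarise the check as PASS or FAIL with the offending users."""
    failing = console_users_without_mfa(report_csv)
    return {"status": "FAIL" if failing else "PASS", "users": failing}


if __name__ == "__main__":
    print(evaluate(SAMPLE_REPORT))
```

Users without a console password, such as the access-key-only `ci-deploy` row, are out of scope for this check and are not reported.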

Compliance

CIS