Critical
IAM
MFA should be enabled for the root user
CIS
Description
Checks if Virtual MFA is enabled for the root user.
Remediation
To enable Virtual MFA for the root user, follow these steps:
Steps
- Sign in to the AWS Management Console using your root user credentials.
- Navigate to the IAM dashboard.
- In the IAM dashboard, go to the 'Security Status' section.
- Under 'Activate MFA on your root account', click on 'Manage MFA'.
- Select 'A virtual MFA device' and click 'Next Step'.
- Follow the instructions to set up a virtual MFA device. This typically involves:
  - Downloading an MFA application on your smartphone (e.g., Google Authenticator, Authy).
  - Scanning the QR code displayed in the AWS console with your MFA application.
  - Entering two consecutive MFA codes from your application to complete the setup.
- Once the virtual MFA device is successfully associated with your root account, ensure that it is working by signing out and then signing back in using your root user credentials and the MFA code.
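The outcome of these steps can also be confirmed from the IAM API. The following is an added example, not part of the original page or of any scanner's own code: it classifies root MFA status from the responses of IAM GetAccountSummary and ListVirtualMFADevices. The function names, the status labels and the sample data (placeholder account ID 123456789012) are assumptions made for illustration.

```python
"""Classify root-user MFA status from IAM API responses (added example)."""


def root_mfa_status(account_summary, virtual_mfa_devices):
    """Return 'virtual', 'non-virtual' or 'none' for the root user.

    account_summary:     response of IAM GetAccountSummary
    virtual_mfa_devices: response of IAM ListVirtualMFADevices
    """
    enabled = account_summary.get("SummaryMap", {}).get("AccountMFAEnabled", 0) == 1
    if not enabled:
        return "none"
    for dev in virtual_mfa_devices.get("VirtualMFADevices", []):
        user_arn = dev.get("User", {}).get("Arn", "")
        # The root user's ARN ends in ':root'; IAM users end in ':user/<name>'.
        if user_arn.endswith(":root"):
            return "virtual"
    # MFA is on, but no virtual device is assigned to root (e.g. a hardware device).
    return "non-virtual"


def fetch_and_check():
    """Live variant: needs boto3 and credentials allowed to call both APIs."""
    import boto3
    iam = boto3.client("iam")
    summary = iam.get_account_summary()
    devices = {"VirtualMFADevices": []}
    pages = iam.get_paginator("list_virtual_mfa_devices").paginate(AssignmentStatus="Assigned")
    for page in pages:
        devices["VirtualMFADevices"].extend(page["VirtualMFADevices"])
    return root_mfa_status(summary, devices)


# Constructed sample responses, trimmed to the fields the check reads.
SUMMARY_ON = {"SummaryMap": {"AccountMFAEnabled": 1}}
SUMMARY_OFF = {"SummaryMap": {"AccountMFAEnabled": 0}}
ROOT_VIRTUAL = {"VirtualMFADevices": [{
    "SerialNumber": "arn:aws:iam::123456789012:mfa/root-account-mfa-device",
    "User": {"Arn": "arn:aws:iam::123456789012:root"}}]}
ONLY_IAM_USER = {"VirtualMFADevices": [{
    "SerialNumber": "arn:aws:iam::123456789012:mfa/alice",
    "User": {"Arn": "arn:aws:iam::123456789012:user/alice"}}]}

if __name__ == "__main__":
    print(root_mfa_status(SUMMARY_ON, ROOT_VIRTUAL))    # root has a virtual device
    print(root_mfa_status(SUMMARY_ON, ONLY_IAM_USER))   # MFA on, but not virtual
    print(root_mfa_status(SUMMARY_OFF, ONLY_IAM_USER))  # root MFA disabled
```

A result of 'non-virtual' means root MFA is on but no virtual device is assigned to the root user, which a check for Virtual MFA specifically would still report.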
Compliance
CIS