HomeAWS
AWS

How to Set Up Multi-Factor Authentication for AWS

Bharath Adigopula
By Bharath Adigopula
how to set up multi factor authentication for aws

Multi-factor authentication (MFA) is a security feature that requires users to provide more than one piece of information to verify their identity when they access AWS resources. MFA can help protect your AWS account from unauthorized access and enhance the security of your data.

In this blog post, I will show you how to set up MFA for your AWS account using the Microsoft Authenticator app, which is a virtual MFA device that runs on your smartphone and generates a six-digit code based on the time-based one-time password (TOTP) algorithm.

You can use this code along with your regular sign-in credentials to access the AWS Management Console or the AWS CLI.

Step 1: Install the Microsoft Authenticator app on your smartphone

You can download the Microsoft Authenticator app from the App Store for iOS devices or the Google Play Store for Android devices. Follow the instructions on the app to set it up and add your personal account.

Step 2: Enable MFA for your AWS account root user or IAM user

Depending on whether you want to enable MFA for your AWS account root user or an IAM user, you need to follow different steps.

For the AWS account root user:

  • Log in to the AWS Management Console with your root user credentials and go to the Security Credentials page.
  • In the Multi-factor authentication (MFA) section, click on “Assign MFA Device“.
how to set up multi factor authentication for aws
  • Choose the “Authenticator app” as the MFA type and click on Continue.
how to set up multi factor authentication for aws
how to set up multi factor authentication for aws
  • On your smartphone, open the Microsoft Authenticator app and tap on the plus (+) icon to add a new account.
  • Choose Other account (Google, Facebook, etc.) as the account type and scan the QR code displayed on the AWS console with your phone’s camera.
  • The app will generate a six-digit code for your AWS account. Enter this code in the first text box on the AWS console and wait for a few seconds until the app generates a new code. Enter the new code in the second text box and click on Assign MFA.
  • You will see a confirmation message that MFA has been successfully enabled for your root user.
how to set up multi factor authentication for aws

For an IAM user:

  • Log in to the AWS Management Console with your IAM user credentials and go to the IAM dashboard.
  • In the navigation pane, click on Users and select the user name for whom you want to enable MFA.
  • In the Security credentials tab, click on the pencil icon next to Assigned MFA device.
  • Choose Virtual MFA (Authenticator app) device as the MFA type and click on Manage.
  • Follow the same steps as for the root user to scan the QR code with the Microsoft Authenticator app and enter the codes on the AWS console.
  • Click on Enable MFA to complete the process.

Step 3: Sign in to AWS with MFA

After you have enabled MFA for your AWS account root user or IAM user, you will need to provide the six-digit code from the Microsoft Authenticator app along with your regular sign-in credentials whenever you access the AWS Management Console or the AWS CLI.

For the AWS Management Console:

  • Go to the AWS sign-in page and enter your username and password as usual.
  • On the next page, you will see a prompt to enter your MFA code. Open the Microsoft Authenticator app on your smartphone and find the code for your AWS account. Enter this code in the text box and click on Submit.
  • You will be redirected to the AWS Management Console.
how to set up multi factor authentication for aws

For the AWS CLI:

  • Before you can use the AWS CLI with MFA, you need to create a temporary session token that includes the MFA code. You can do this by using the [aws sts get-session-token] command with the --serial-number and --token-code parameters.
  • The --serial-number parameter is the ARN of your virtual MFA device, which you can find on the Security Credentials page for the root user or the IAM dashboard for the IAM user. It has the format arn:aws:iam::account-id:mfa/user-name.
  • The --token-code parameter is the six-digit code from the Microsoft Authenticator app for your AWS account.
  • For example, if your account ID is 123456789012, your user name is Wick, and your code is 123456, you can run the following command:
Bash
aws sts get-session-token --serial-number arn:aws:iam::123456789012:mfa/Alice --token-code 123456
  • The command will return a JSON output that contains the temporary access key ID, secret access key, session token, and expiration date. You can use these values to set the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables or store them in a profile in the AWS credentials file.
  • After you have set up the temporary credentials, you can use the AWS CLI as usual with MFA.

Conclusion

In this blog post, I have shown you how to set up MFA for your AWS account using the Microsoft Authenticator app, which is a virtual MFA device that runs on your smartphone and generates a six-digit code based on the TOTP algorithm.

MFA can help you protect your AWS account from unauthorized access and enhance the security of your data. I hope you found this post useful and informative. If you have any questions or feedback, please leave a comment below. Thank you for reading!

Bharath Adigopula
Bharath Adigopulahttps://www.bharathwick.com
Deep interest in the world of technology, particularly in the areas of Cloud Computing, Internet, Gadgets, Security, Linux, Windows, and DevOps.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Follow Me

0FansLike
0FollowersFollow
28FollowersFollow

Latest Articles

Load more

I am thrilled to share my digital space that showcases my fervor for technology, with a focus on cloud computing and emerging tech.

© Bharathwick