#003) How to set up MFA / with lost or broken MFA

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html

 


In #001) How to set up AWS account free, you set up your AWS account.

Enabling MFA for your root user is not mandatory, but it is highly recommended for many reasons.

What is MFA (Multi-Factor Authentication)?
Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism.

With MFA, your account stays protected even if you lose your password.

It's not rare for accounts to be hacked: attackers change your email address or use your AWS account to mine coins, which is likely to result in a very large bill.

Before enabling MFA for your root user, make sure the email address and phone number in your account settings are up to date. (AWS uses this information if you lose your MFA device.)


1. Add MFA

Go to the Security credentials tab.

Activate MFA from the Multi-factor authentication section.

 

 

 

 

 

Choose the type of MFA device to use. I've used the Virtual MFA device option as an example.

See what kinds of virtual MFA applications are available. I've installed Google Authenticator on my phone.

After that, open the app, tap the plus icon at the bottom, and choose Scan a QR code.

Check the AWS screen for the newly created QR code and scan it with your phone.

Type the 6-digit MFA code shown in your authentication app, then wait for a new code and type that one in MFA code 2.

Successfully assigned! Be sure that you don't accidentally delete the authentication application.

 

 

If everything works, you'll be asked to submit an MFA code after signing in with your password.

Then go to the app again to check the code to log in.

Here we got a new code for sign-in. For root users, check the code under the root-account-mfa.. ID.
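
How the two codes from the setup step relate, as an added example that is not part of the original post or AWS's code: virtual MFA apps compute codes with TOTP (RFC 6238) from the secret in the QR code and the current 30-second window, so two consecutive codes show that the app holds the secret and its clock is roughly right. SAMPLE_SECRET is the RFC 6238 test key, and accepts_pair is a hypothetical verifier, not AWS's actual validation logic.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid (authenticator-app default)
DIGITS = 6   # length of the code typed into the MFA fields

# Constructed sample secret (the RFC 6238 test key), standing in for the
# secret the QR code carries.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time window containing unix_time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def enrollment_pair(secret_b32: str, unix_time: int) -> tuple:
    """The code shown now and the one the app shows after it rolls over."""
    return totp(secret_b32, unix_time), totp(secret_b32, unix_time + STEP)


def accepts_pair(secret_b32, code1, code2, server_time, drift_windows=1):
    """Hypothetical verifier: both codes must come from consecutive windows,
    allowing the phone clock to be off by drift_windows steps."""
    for w in range(-drift_windows, drift_windows + 1):
        t = server_time + w * STEP
        first_ok = hmac.compare_digest(code1, totp(secret_b32, t))
        second_ok = hmac.compare_digest(code2, totp(secret_b32, t + STEP))
        if first_ok and second_ok:
            return True
    return False


if __name__ == "__main__":
    now = 1111111109  # fixed timestamp from the RFC 6238 test vectors
    c1, c2 = enrollment_pair(SAMPLE_SECRET, now)
    print("first code:", c1, "| second code:", c2)
    print("in order:", accepts_pair(SAMPLE_SECRET, c1, c2, now))
    print("swapped: ", accepts_pair(SAMPLE_SECRET, c2, c1, now, 0))
```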

 

 

 


1) What if I don't add MFA?
If your account is hacked, you may be charged a lot of money at any time, so you are responsible for securely managing access to your root account credentials.

-> If this happens to you, contact the AWS Support Center to report your case and get help.

(Refund or AWS credits, depending on your specific situation.)

* It is recommended that you do not use the root user for your everyday tasks, even the administrative ones. Instead, use your root user credentials only to create your IAM admin user.

 


2) What if I lose my MFA device?

When the device suddenly stops working or is automatically updated by itself, you may not be able to use the same MFA device to log in.


-> Sign in using alternative factors.
Click Having problems with your authentication device on the MFA code entry page.

Step 1: Verify your email address to confirm your identity.

Step 2: Click Call me now, answer the call, and use your phone's keypad to submit the six-digit verification code that appears on your computer screen.

* If you didn't enter your phone number with the country code, this process is likely to fail. You will need to contact AWS Support for further assistance.
