Multi-Factor Authentication (AWS)

Owned by Ram Rocabo
Last updated: Dec 15, 2020
3 min read

This guide will help you setup MFA for your AWS Account - this will help increase the security of your account and comply with AWS Security best practices.

How to enable Multi-Factor Authentication

  1. Login to your AWS Account

  2. Select Dropdown on your Username > Select My Security Credentials

3. Select Assign MFA Device

4. Select Virtual MFA Device then Continue

5. Select Show QR Code then add two (2) consecutive MFA codes.

List of Available MFA Application
AuthyDuo MobileLastPass AuthenticatorMicrosoft AuthenticatorGoogle Authenticator

6. A message like this will pop out it is a confirmation that your MFA has been successfully assign to your account.

Error if MFA is not enabled yet

This error will occur if you have not setup the MFA on your account yet - even if you have the permission to access AWS resources.

E.G testiamuser has a ec2fullaccess policy on the AWS environment but did not have MFA enabled. When the user tried to access the EC2 service. it shows API Error and the user cannot access the EC2 resources.

Note:
If you do not have IAM access policy, this policy will still allow the user to change/update their own password but they are restricted in accessing the IAM Console and also the user is restricted in creating their own access keys. They can change/update their password by access their security credentials by following step 1.
If this is your first time login in without MFA you cannot change your password yet you need to setup the MFA first.

To fix this error - please ensure you’ve setup MFA for your account using the steps in the first section of this guide.

If any issues/concerns, please reach out to Ram Rocabo or Patrick Hernandez on MS Teams, or cloudops@prophecyinternational.com via email.