
Rule: IAM Root User MFA Should Be Enabled

This rule ensures the IAM root user has multi-factor authentication enabled for added security.

Rule: IAM root user MFA should be enabled
Framework: CISA-cyber-essentials
Severity: Medium

Rule: IAM Root User MFA Enablement for CISA-Cyber Essentials

Description:

Enabling Multi-Factor Authentication (MFA) for the IAM root user is a crucial security measure for protecting an AWS account assessed against the CISA-Cyber Essentials framework. MFA adds an additional layer of authentication by requiring the user to present two or more forms of identification, which greatly reduces the risk of unauthorized access to the root account.

Troubleshooting Steps:

If you encounter any issues while enabling MFA for the IAM root user, please follow these troubleshooting steps:

1. Ensure you have the necessary permissions: Verify that you have the required permissions to modify the IAM root user settings. You must have the "iam:CreateVirtualMFADevice" and "iam:EnableMFADevice" permissions.

2. Check the MFA device status: Verify whether an MFA device is already associated with the IAM root user by checking its status. If it is already enabled, you may proceed to the next steps. If not, continue with the next steps.

3. Verify virtual MFA device compatibility: If you are using a virtual MFA device, ensure that it is compatible with AWS services. Only virtual MFA devices that implement the Time-based One-Time Password (TOTP) algorithm are supported.

4. Verify the MFA device configuration: Check that the MFA device is correctly configured and synchronized with the IAM root user's account.

5. Verify the user's credentials: Ensure that you are using the correct AWS account credentials for the IAM root user.

6. Check the AWS region: Verify that you are operating in the correct AWS region where the IAM root user's MFA device needs to be enabled.

7. Restart the process: If the above steps do not resolve the issue, consider restarting the process from scratch. Remove any existing MFA configuration and try enabling MFA again.

Necessary Code:

No specific code is required for this rule. The MFA configuration for the IAM root user is done through the AWS Management Console or AWS Command Line Interface (CLI).

Step-by-Step Guide for Remediation:

1. Open the AWS Management Console: Log in to the AWS Management Console with your IAM root user credentials.

2. Navigate to the IAM service: From the console dashboard, search for and click on the "IAM" service.

3. Access the root user settings: In the IAM console, click on "Dashboard" in the left sidebar. Then, click on the account alias link for the root user.

4. Manage security credentials for the root user: On the root user management page, find the section labeled "Multi-Factor Authentication (MFA)" and click on "Manage MFA."

5. Create a virtual MFA device: On the "Manage MFA Device" page, select the "A virtual MFA device" option and click "Continue."

6. Scan the QR code or provide a secret key: Use a compatible authenticator application (such as Google Authenticator) to scan the QR code displayed on the screen. Alternatively, manually enter the secret key into your MFA application.

7. Verify the MFA device: After scanning the QR code or entering the secret key, your MFA application will generate a six-digit authentication code. Enter this code into the verification field and click "Activate MFA."

8. Confirm MFA activation: After successfully activating MFA, you will see a confirmation message. Click "Finish" to complete the process.

9. Test the MFA configuration: Log out of the AWS Management Console and log back in using the IAM root user credentials. When prompted, enter the authentication code generated by your MFA application.

10. Verification and completion: Once you successfully log in with MFA, the configuration is complete. Ensure the MFA device stays properly synchronized, and regularly test its functionality to confirm continued protection.

Follow these steps to enable MFA for the IAM root user in your AWS account assigned to CISA-Cyber Essentials for enhanced security.
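As an added check (example code written for this page, not Cloud Defense's own tooling), the following Python evaluates the rule offline against constructed samples of the two artifacts the AWS CLI exposes for it: the SummaryMap returned by `aws iam get-account-summary` and the base64-encoded CSV credential report returned by `aws iam get-credential-report`. The sample values, the account id and the helper names are assumptions; only the field names and the `<root_account>` row follow the AWS formats.

```python
# Added example (not Cloud Defense's code): evaluate the "root MFA" rule offline
# against the two artifacts AWS exposes for it. All inputs are constructed samples.
import base64
import csv
import io

# Constructed: the SummaryMap from `aws iam get-account-summary` for an account
# whose root user has no MFA device (only keys this check reads are included).
SAMPLE_SUMMARY_MAP = {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1}


def encode_report(csv_text: str) -> str:
    """Mimic `aws iam get-credential-report`, whose Content field is base64 CSV."""
    return base64.b64encode(csv_text.encode()).decode()

# Constructed credential report (the real one has more columns; the header names
# and the "<root_account>" user value follow the AWS format).
SAMPLE_REPORT_CONTENT = encode_report(
    "user,arn,user_creation_time,password_enabled,mfa_active\n"
    "<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,false\n"
    "alice,arn:aws:iam::123456789012:user/alice,2021-05-05T12:00:00+00:00,true,true\n"
)


def root_mfa_from_summary(summary_map: dict) -> bool:
    """True when the account summary reports an MFA device on the root user."""
    return int(summary_map.get("AccountMFAEnabled", 0)) == 1


def root_mfa_from_credential_report(content_b64: str) -> bool:
    """True when the <root_account> row of the credential report has mfa_active=true."""
    rows = csv.DictReader(io.StringIO(base64.b64decode(content_b64).decode()))
    for row in rows:
        if row["user"] == "<root_account>":
            return row["mfa_active"].strip().lower() == "true"
    raise ValueError("credential report has no <root_account> row")


def evaluate_rule(summary_map: dict, content_b64: str) -> dict:
    """PASS only when both sources agree; a mismatch is itself worth investigating."""
    by_summary = root_mfa_from_summary(summary_map)
    by_report = root_mfa_from_credential_report(content_b64)
    return {
        "status": "PASS" if by_summary and by_report else "FAIL",
        "account_summary_mfa": by_summary,
        "credential_report_mfa": by_report,
    }


if __name__ == "__main__":
    print(evaluate_rule(SAMPLE_SUMMARY_MAP, SAMPLE_REPORT_CONTENT))
```

With real data, replace the two samples with the output of the CLI calls named above; the credential report can lag a few minutes behind an MFA change, which is why both signals are read.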
