
IAM Root User MFA Enabled Rule

This rule ensures that IAM root user MFA is enabled to enhance security measures.

Rule: IAM root user MFA should be enabled
Framework: General Data Protection Regulation (GDPR)
Severity: Medium

Rule Description:

The IAM root user should have Multi-Factor Authentication (MFA) enabled to comply with the General Data Protection Regulation (GDPR). MFA adds an extra layer of security by requiring an additional authentication factor, such as a code from a mobile app or a physical token, in addition to the username and password.

Troubleshooting Steps:

If MFA is not enabled for the IAM root user, follow these steps to troubleshoot the issue:

  1. Check if MFA is already enabled for the IAM root user.
  2. Confirm that the IAM root user has the necessary permissions to enable MFA.
  3. Ensure that the MFA device is correctly linked to the IAM root user account.
  4. Verify that the IAM root user has a valid phone number or a compatible MFA device assigned to it.
  5. If the issue persists, check if there are any conflicting IAM policies that may prevent MFA from being enabled.

Necessary Code:

There is no specific code required for this rule, as it involves configuring MFA for the IAM root user, which can be done through the AWS Management Console.
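Although remediation is done in the console, the check itself (troubleshooting step 1) can be automated. The example below is added here and is not code from the original page; it evaluates the rule from the two IAM API responses that expose root MFA state: `get_account_summary()` (`SummaryMap['AccountMFAEnabled']`) and the credential report row for `<root_account>`. The sample inputs are constructed, so it runs offline; with boto3 you would pass `iam.get_account_summary()` and the decoded `Content` of `iam.get_credential_report()`.

```python
import csv
import io

ROOT_USER = "<root_account>"  # user column value for the root account in the credential report


def root_mfa_from_summary(summary: dict) -> bool:
    """summary is the dict returned by iam.get_account_summary(); 1 means root has MFA."""
    return summary.get("SummaryMap", {}).get("AccountMFAEnabled", 0) == 1


def root_mfa_from_credential_report(report_csv: str) -> bool:
    """report_csv is the decoded 'Content' of iam.get_credential_report()."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row.get("user") == ROOT_USER:
            return row.get("mfa_active", "").strip().lower() == "true"
    return False  # no root row: cannot prove MFA is on, so treat as failing


def evaluate_rule(summary: dict, report_csv: str) -> dict:
    """Return a finding shaped like this page's rule table.

    The account summary is authoritative for the verdict; the credential
    report is kept as corroborating evidence because it may lag behind
    a recent change (it is regenerated only periodically).
    """
    from_summary = root_mfa_from_summary(summary)
    from_report = root_mfa_from_credential_report(report_csv)
    return {
        "rule": "IAM root user MFA should be enabled",
        "framework": "GDPR",
        "severity": "Medium",
        "status": "PASS" if from_summary else "FAIL",
        "evidence": {"AccountMFAEnabled": from_summary, "credential_report_mfa_active": from_report},
    }


# Constructed sample inputs (not real account data); 123456789012 is a placeholder account id.
SAMPLE_SUMMARY_FAIL = {"SummaryMap": {"AccountMFAEnabled": 0, "Users": 3}}
SAMPLE_SUMMARY_PASS = {"SummaryMap": {"AccountMFAEnabled": 1, "Users": 3}}
SAMPLE_REPORT_FAIL = (
    "user,arn,user_creation_time,password_enabled,password_last_used,"
    "password_last_changed,password_next_rotation,mfa_active\n"
    "<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,"
    "not_supported,2024-01-01T00:00:00+00:00,not_supported,not_supported,false\n"
    "alice,arn:aws:iam::123456789012:user/alice,2021-01-01T00:00:00+00:00,"
    "true,no_information,2021-01-01T00:00:00+00:00,N/A,true\n"
)
SAMPLE_REPORT_PASS = SAMPLE_REPORT_FAIL.replace("not_supported,false", "not_supported,true")

if __name__ == "__main__":
    print(evaluate_rule(SAMPLE_SUMMARY_FAIL, SAMPLE_REPORT_FAIL)["status"])  # FAIL
    print(evaluate_rule(SAMPLE_SUMMARY_PASS, SAMPLE_REPORT_PASS)["status"])  # PASS
```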

Step-by-Step Guide for Remediation:

  1. Sign in to the AWS Management Console as the IAM root user.
  2. In the top navigation bar, click on your account name and select "My Security Credentials" from the dropdown menu.
  3. On the "My Security Credentials" page, under the "Multi-factor authentication (MFA)" section, click on the "Manage MFA" button.
  4. If you haven't set up an MFA device for the IAM root user yet, a prompt will appear. Choose the type of MFA device you want to set up (such as virtual MFA or hardware MFA).
  5. Follow the on-screen instructions to complete the MFA device setup process.
  6. Once the MFA device is set up, return to the "Manage MFA" page. You should now see the MFA device associated with the IAM root user.
  7. Test the MFA setup by signing out and signing back in with the IAM root user credentials. You will be prompted to enter the MFA code generated by the device.
  8. Ensure that the MFA device is stored in a secure location and that the associated codes or physical device are not shared with unauthorized individuals.

By following these steps, you have successfully enabled MFA for the IAM root user to comply with GDPR requirements.
