IAM Root User MFA Should Be Enabled Rule

Rule Description

Troubleshooting Steps

2. 1.

   Verify if the IAM root user is currently using MFA. You can do this by logging into the AWS Management Console with the root user credentials and checking the MFA status in the IAM section.

4. 2.

   If MFA is not enabled, proceed to enable it by following the remediation steps mentioned below.

Necessary Code

Remediation Steps

2. 1.

   Log in to the AWS Management Console using the root user credentials.

4. 2.

   Open the IAM service by searching for "IAM" in the AWS Management Console's search bar and selecting the IAM option.

6. 3.

   In the left navigation panel, click on "Users" to view the list of IAM users.

8. 4.

   Locate and select the IAM root user from the user list.

10. 5.

    In the "Security credentials" tab, click on the "Manage" button for "Assigned MFA device."

12. 6.

    In the "Manage MFA device" wizard, select the appropriate MFA device option. You can choose between a virtual MFA device (e.g., Google Authenticator) or a hardware MFA device. Follow the instructions provided based on the chosen MFA device.

14. 7.

    Once the MFA device is set up and associated with the root user, click on the "Next Step" button.

16. 8.

    The next screen will prompt you to enter the current MFA code generated by the device. Enter the code and click on the "Activate MFA" button.

18. 9.

    You have now successfully enabled MFA for the IAM root user.

Verification

2. 1.

   Log in to the AWS Management Console using the root user credentials.

4. 2.

   Open the IAM service by searching for "IAM" in the AWS Management Console's search bar and selecting the IAM option.

6. 3.

   In the left navigation panel, click on "Users" to view the list of IAM users.

8. 4.

   Locate and select the IAM root user from the user list.

10. 5.

    In the "Security credentials" tab, check the MFA status for the root user. It should display "Enabled."