
IAM Root User MFA Enabled Rule

This rule checks that MFA is enabled for the IAM root user as an added security measure.

Rule: IAM root user MFA should be enabled
Framework: HIPAA
Severity: Medium

Description

This rule ensures that Multi-Factor Authentication (MFA) is enabled and required for the root user in the AWS Identity and Access Management (IAM) service. MFA adds an extra layer of security to protect the root user's credentials and helps prevent unauthorized access.

Troubleshooting Steps

If MFA is not enabled for the root user, follow these troubleshooting steps:

  1. Ensure you have Administrator access in the AWS account.
  2. Open the IAM Management Console.
  3. Navigate to the root user's security credentials.
  4. Verify if MFA is enabled for the root user.
  5. If MFA is not enabled, proceed to enable it.
  6. Generate a virtual MFA device or associate a hardware MFA device for the root user.
  7. Configure the MFA device by scanning the barcode or manually entering the serial number and authentication code.
  8. Save the MFA device configuration settings.
  9. Test the MFA setup by logging out and logging back in as the root user, providing the required MFA token during login.

Necessary Code

There is no specific code required to enable MFA for the root user. This is managed through the IAM Management Console.
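Enabling MFA is a console task, but verifying this rule across accounts can be scripted. The following is an added example, not code from the Cloud Defense rule page: it parses the IAM credential report (the row whose user is `<root_account>`) and reports pass/fail for the root user's MFA state. The live fetch assumes boto3 and permission to generate and read the credential report; the parsing runs offline on the constructed sample.

```python
"""Check whether the AWS root user has MFA, using the IAM credential report.

Added example, not part of the Cloud Defense rule page. Live use assumes boto3
plus iam:GenerateCredentialReport / iam:GetCredentialReport permissions.
"""
import csv
import io
import time

ROOT_USER = "<root_account>"  # literal IAM uses for the root row of the report


def root_mfa_from_report(report_csv: str) -> dict:
    """Parse credential-report CSV text and return the root user's MFA state."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row.get("user") == ROOT_USER:
            mfa = (row.get("mfa_active") or "").strip().lower() == "true"
            return {"found": True, "mfa_active": mfa}
    return {"found": False, "mfa_active": False}


def evaluate(report_csv: str) -> str:
    """Map the parsed state to the rule's outcome (PASS / FAIL / UNKNOWN)."""
    state = root_mfa_from_report(report_csv)
    if not state["found"]:
        return "UNKNOWN: no <root_account> row in credential report"
    return "PASS" if state["mfa_active"] else "FAIL: root user has no MFA device"


def fetch_credential_report() -> str:
    """Generate and download the live report via boto3 (assumed installed)."""
    import boto3  # imported here so the parsing functions run without it
    iam = boto3.client("iam")
    # Report generation is asynchronous; poll until IAM reports COMPLETE.
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    return iam.get_credential_report()["Content"].decode("utf-8")


# Constructed sample report, trimmed to the relevant columns.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,mfa_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,false
alice,arn:aws:iam::123456789012:user/alice,2021-05-05T00:00:00+00:00,true,true
"""

if __name__ == "__main__":
    print(evaluate(SAMPLE_REPORT))  # FAIL: root user has no MFA device
```

Replace `SAMPLE_REPORT` with `fetch_credential_report()` to run the same evaluation against a real account.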

Step-by-Step Guide for MFA Enablement

  1. Sign in to the AWS Management Console as the root user.
  2. Open the IAM Management Console.
  3. In the navigation pane, click on "Access management" and then "Users".
  4. Locate the root user in the list and click on its name.
  5. Scroll down to the "Security Credentials" section.
  6. In the "Multi-Factor Authentication (MFA)" row, click on "Manage".
  7. On the Manage MFA Device page, choose "A virtual MFA device" or "A U2F security key" option.
  8. Follow the on-screen instructions to set up and activate the chosen MFA device.
     • For virtual MFA device:
       • Install an authenticator app like Google Authenticator on your mobile device.
       • Choose "Virtual MFA Device" and click on "Next Step".
       • Open the authenticator app and scan the QR code displayed on the screen.
       • The app will generate a 6-digit authentication code for you to enter.
       • Enter the generated code into the "Authentication Code 1" field and wait for at least 30 seconds for a new code to be generated.
       • Enter the new code into the "Authentication Code 2" field and click on "Activate Virtual MFA".
     • For U2F security key:
       • Connect your U2F security key to your computer.
       • Choose "U2F Security Key" and click on "Next Step".
       • Follow the on-screen instructions to complete the setup.
  9. After successful activation, you will see a confirmation message.
  10. Click on "Close" to return to the root user's security credentials.
  11. Ensure that the MFA device is associated with the root user by viewing the "Multi-Factor Authentication (MFA)" row.
  12. Log out from the AWS Management Console.
  13. Log back in as the root user.
  14. When prompted for authentication, enter the MFA token generated by the virtual MFA device or provide the U2F security key.
  15. Once authenticated, you will have access to the AWS Management Console.

Note: It's recommended to have a backup MFA device configured in case the primary device is lost or not available.

By following these steps, MFA will be enabled for the root user, ensuring compliance with HIPAA requirements.
