IAM Root User MFA Enabled Rule

Rule Description:

Troubleshooting Steps:

2. 1.
   Check if MFA is enabled for the IAM root user.
4. 2.
   If MFA is not enabled, follow the remediation steps below.

Remediation:

CLI Command:

aws iam create-virtual-mfa-device --virtual-mfa-device-name MFA-Device

Step-by-Step Guide:

2. 1.
   Open the AWS Management Console and navigate to the IAM service.
4. 2.
   In the navigation pane, choose "Users."
6. 3.
   Locate and select the IAM root user from the users list.
8. 4.
   Under the "Security credentials" tab, locate the "Assigned MFA device" section and choose "Manage."
10. 5.
    On the "Manage MFA device" page, select "Virtual MFA device" and choose "Continue."
12. 6.
    In the "Create virtual MFA device" wizard, select "Show QR code" to display the QR code.
14. 7.
    Use a compatible authentication app (e.g., Google Authenticator, Duo, Authy) to scan the QR code.

    • If you prefer to enter the secret key manually, choose "Show secret key for manual configuration."
16. 8.
    Enter the authentication code generated by the authentication app and choose "Assign MFA."
18. 9.
    You will be prompted to set up a secondary authentication method for the root user. Choose either "SMS" or "Voice Call" and follow the prompts to complete the setup.
20. 10.
    Once the MFA setup is complete, save the emergency recovery codes provided by AWS in a secure location.
22. 11.
    After the MFA device is enabled, you should see the status as "Enabled" under the "Assigned MFA device" section for the IAM root user.