Multi factor authentication (MFA) is a secure authentication protocol that requires users to provide credentials using authentication codes sent to their multiple devices. AWS (Amazon web services) allows you to set up multi factor authentication for better security purposes. In this article, we will look at how to enable multi factor authentication for AWS for IAM (Identity and Access Management) users.
How To Enable Multi Factor Authentication for AWS
Here are the steps to enable multi factor authentication for AWS. We will set up multi factor authentication using a mobile device such that users will have to enter an authentication code generated on their mobile phones, in addition to their password, to log into AWS.
1. Download and Install Auth Code Generator
First, you need to download and install an authentication code generator to your mobile device. There are a list of compatible apps supported by AWS, on their site. We will use Authy 2-Factor Authentication for Android.
Also read : How to Disable ETag in NGINX
2. Select Users
Log into AWS and go to IAM services section via Services section. On the left navigation pane, select Users option.
This will open the Users page with a list of users. Click on the user for whom you want to create multi factor authentication.
Also read : Apache Restrict Access by IP
3. Manage user
You will see a Summary tab on the Users page, below the list of users. Click on Security Credentials tab, and then click Manage link, as shown below.
You will see a list of MFA devices. Pick the appropriate one and click Continue.
Also read : How to Enable HTTP/2 in NGINX
4. Choose Virtual MFA device
On the next page, you will see a list of options to set up virtual MFA device. If your authentication code generator can read QR code, select that link and follow steps to set it up on your mobile device. Else click the link to show secret code and type it manually. We will select this option.
Once you enter their secret code, you will be asked to enter another secret code generated on your mobile device. After you enter these two codes, click Assign MFA codes soon.
Also read : How to Enable X-Powered-By in Apache
5. Complete Setup
If the setup is successful, you will receive a confirmation notice. Click the Close button to complete the process.
Now when an IAM user log into AWS, they will be required to enter their password as well as an authentication code generated by their mobile app.