The 'root' user account should use hardware-based MFA
Description
The root user account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a username and password. When a user signs in to an AWS website that has MFA enabled, they are prompted for their username and password, as well as an authentication code from their AWS MFA device.

For Level 2 security, Datadog recommends that you protect the root user account with a hardware MFA device, because it has a smaller attack surface than a virtual MFA. Using a hardware MFA device reduces the vulnerability introduced by the mobile devices where virtual MFAs typically reside. However, if managing a single hardware MFA across many AWS accounts poses challenges, you might consider applying this recommendation selectively to the highest security accounts.
For instructions on enabling a hardware MFA for the root account, refer to Enabling Hardware MFA for Your AWS Account Root User.
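
One way to audit this recommendation from the IAM API, as an added example that is not Datadog's rule logic: it assumes root is hardware-protected when account MFA is enabled and no assigned virtual MFA device belongs to the root user. The function names `classify_root_mfa` and `fetch_and_classify` are hypothetical, and the account ID and sample responses are constructed.

```python
# Added example: classify root-user MFA from two IAM API responses.

def classify_root_mfa(account_summary, virtual_mfa_devices):
    """Return 'no_mfa', 'virtual_mfa' or 'hardware_mfa' for the root user.

    account_summary:     response of iam.get_account_summary()
    virtual_mfa_devices: response of
                         iam.list_virtual_mfa_devices(AssignmentStatus="Assigned")
    """
    # AccountMFAEnabled is 1 when the root user has an MFA device.
    if account_summary.get("SummaryMap", {}).get("AccountMFAEnabled", 0) != 1:
        return "no_mfa"
    # A virtual device whose assigned user is <account>:root means root
    # relies on at least one virtual MFA (assumption: any virtual device fails).
    for device in virtual_mfa_devices.get("VirtualMFADevices", []):
        if device.get("User", {}).get("Arn", "").endswith(":root"):
            return "virtual_mfa"
    return "hardware_mfa"


def fetch_and_classify():
    """Run the check against the live account (needs boto3 and IAM read access)."""
    import boto3
    iam = boto3.client("iam")
    devices = []
    pages = iam.get_paginator("list_virtual_mfa_devices")
    for page in pages.paginate(AssignmentStatus="Assigned"):
        devices.extend(page["VirtualMFADevices"])
    return classify_root_mfa(iam.get_account_summary(),
                             {"VirtualMFADevices": devices})


# Constructed sample responses (account ID 111122223333 is a placeholder).
MFA_ON = {"SummaryMap": {"AccountMFAEnabled": 1}}
MFA_OFF = {"SummaryMap": {"AccountMFAEnabled": 0}}
ROOT_VIRTUAL = {"VirtualMFADevices": [
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/root-account-mfa-device",
     "User": {"Arn": "arn:aws:iam::111122223333:root"}}]}
IAM_USER_ONLY = {"VirtualMFADevices": [
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/alice",
     "User": {"Arn": "arn:aws:iam::111122223333:user/alice"}}]}

if __name__ == "__main__":
    print(classify_root_mfa(MFA_OFF, IAM_USER_ONLY))
    print(classify_root_mfa(MFA_ON, ROOT_VIRTUAL))
    print(classify_root_mfa(MFA_ON, IAM_USER_ONLY))
```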