MFA should be enabled for all users with console access

iam
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

Multi-Factor Authentication (MFA) adds an extra layer of protection on top of a username and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their username, password, and an authentication code from their AWS MFA device. Datadog recommends that you enable MFA for all accounts that have a console password to enhance security.

Enabling MFA provides increased security for console access as it requires the user to possess a device that emits a time-sensitive key, in addition to knowing the credential.

Remediation

For instructions on enabling a virtual multi-factor authentication (MFA) device, refer to the AWS documentation on enabling MFA.