MFA should be enabled for the 'root' account

iam
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

The root account is the most privileged user in an AWS account. MFA (multi-factor authentication) adds an extra layer of protection on top of a username and password. With MFA enabled, users are prompted for their username, password, and an authentication code from their AWS MFA device when signing in. Datadog recommends using a dedicated non-personal device for setting up virtual MFA for root accounts to minimize risks like device loss or if the device owner leaves the company.

Enabling MFA provides increased security for console access because it requires the authenticating principal to possess a device that emits a time-sensitive key and have knowledge of a credential. Note that the IAM User root account for GovCloud (US) regions does not have console access, so this control is not applicable for GovCloud (US) regions.

Remediation

For instructions on enabling MFA for the root account, refer to Managing MFA for Your AWS Account Root User.