Multi-factor authentication should be enabled for all IAM users with console access

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Multi-Factor Authentication (MFA) adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password, and for an authentication code from their AWS MFA device. It is recommended that MFA be enabled for all accounts that have a console password.

Rationale

Enabling MFA provides increased security for console access as it requires the authenticating principal to possess a device that emits a time-sensitive key and have knowledge of the credential.

Remediation

Follow the Enabling a virtual multi-factor authentication (MFA) device documentation for console remediation steps.

References

  1. http://tools.ietf.org/html/rfc6238
  2. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html
  3. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users