No MFA enabled for AWS root user account

iam

Description

An AWS account root user has no associated Multi-Factor Authentication (MFA) device.

The root account is the most privileged user in an AWS account. If an attacker gains access to your root credentials, they can perform all administrative actions on your account. MFA adds an extra layer of authentication so that if your username and password are compromised, an attacker still needs the MFA code to log in.

Remediation

  1. Add an MFA device by following the AWS Documentation.

Note: The IAM account root user for GovCloud (US) regions does not have console access. This control is not applicable for GovCloud (US) regions.
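
A detection check for this finding, added here as an example and not part of the original page: it reads the IAM credential report CSV (the decoded output of `aws iam get-credential-report`) and evaluates the `<root_account>` row. The sample report and account IDs are constructed, and mapping the `aws-us-gov` ARN partition to "not applicable" is an assumption based on the note above.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout (columns trimmed
# to the ones used here; the account ID is a placeholder).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,mfa_active
<root_account>,arn:aws:iam::111111111111:root,2020-01-01T00:00:00+00:00,not_supported,false
alice,arn:aws:iam::111111111111:user/alice,2021-03-04T10:00:00+00:00,true,true
"""


def root_mfa_status(report_csv: str) -> str:
    """Return PASS, FAIL, NOT_APPLICABLE or ERROR for the root user MFA check."""
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r.get("user") == "<root_account>"), None)
    if root is None:
        # No root row means the report is incomplete: never pass silently.
        return "ERROR"

    # ARN layout: arn:<partition>:iam::<account-id>:root
    arn_parts = (root.get("arn") or "").split(":")
    partition = arn_parts[1] if len(arn_parts) > 1 else ""
    if partition == "aws-us-gov":
        # Assumption: GovCloud (US) accounts are skipped, per the page's note.
        return "NOT_APPLICABLE"

    mfa = (root.get("mfa_active") or "").strip().lower()
    if mfa == "true":
        return "PASS"
    if mfa == "false":
        return "FAIL"
    # Missing or unexpected value: surface it instead of guessing.
    return "ERROR"


if __name__ == "__main__":
    print(root_mfa_status(SAMPLE_REPORT))
```

Generate a fresh report with `aws iam generate-credential-report` before fetching it, since a cached report can predate a newly registered MFA device.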