IAM should have virtual MFA enabled for the root account¶
Enabling MFA provides increased security for console access as it requires the authenticating principal to possess a device that emits a time-sensitive key and have knowledge of a credential. When virtual MFA is used for root accounts, the device should be a dedicated mobile device independent of personal devices.
Console Remediation Steps¶
Logged in as the root account user, from the top navigation, select your account name > My Security Credentials.
If you see a warning about accessing the security credentials for your AWS account, choose Continue to Security Credentials.
Expand the Multi-factor authentication (MFA) section and click Activate MFA.
Select Virtual MFA device and follow the steps documented here.
CLI Remediation Steps¶