IAM should have hardware MFA enabled for the root account
MFA adds an extra layer of protection on top of a user name and password. Enabling hardware MFA provides increased security for console access as it has a smaller attack surface than a virtual MFA.
Console Remediation Steps
Logged in as the root account user, from the top navigation, select your account name > My Security Credentials.
If you see a warning about accessing the security credentials for your AWS account, choose Continue to Security Credentials.
Expand the Multi-factor authentication (MFA) section and click Activate MFA.
Select hardware MFA device and follow the steps documented here.
CLI Remediation Steps
Remediation is not possible via the CLI.
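Although the fix has to be made in the console, the current state can be audited from the saved JSON output of `aws iam get-account-summary` and `aws iam list-virtual-mfa-devices --assignment-status Assigned`. The following is an added example, not part of the original rule documentation. It assumes that root MFA with no virtual device assigned to root means a hardware device is in use, and the account ID and device names in the sample data are constructed placeholders.

```python
import json

# Constructed sample CLI outputs; 111122223333 is a placeholder account ID.
SUMMARY_MFA_ON = '{"SummaryMap": {"AccountMFAEnabled": 1, "Users": 4}}'
SUMMARY_MFA_OFF = '{"SummaryMap": {"AccountMFAEnabled": 0, "Users": 4}}'
VIRTUAL_WITH_ROOT = json.dumps({"VirtualMFADevices": [
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/root-account-mfa-device",
     "User": {"Arn": "arn:aws:iam::111122223333:root"}},
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/alice",
     "User": {"Arn": "arn:aws:iam::111122223333:user/alice"}},
]})
VIRTUAL_USERS_ONLY = json.dumps({"VirtualMFADevices": [
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/alice",
     "User": {"Arn": "arn:aws:iam::111122223333:user/alice"}},
]})


def root_virtual_devices(virtual_doc):
    """Return serial numbers of virtual MFA devices assigned to the root user."""
    serials = []
    for dev in virtual_doc.get("VirtualMFADevices", []):
        arn = dev.get("User", {}).get("Arn", "")
        # Root's ARN ends in ":root"; an IAM user named root ends in ":user/root".
        if arn.split(":")[-1] == "root":
            serials.append(dev.get("SerialNumber", ""))
    return serials


def evaluate_root_mfa(summary_json, virtual_json):
    """Classify the root account from the two CLI outputs (JSON strings)."""
    summary = json.loads(summary_json).get("SummaryMap", {})
    # AccountMFAEnabled is 1 only when the root user has an MFA device.
    if summary.get("AccountMFAEnabled", 0) != 1:
        return "FAIL: root account has no MFA device"
    virtual = root_virtual_devices(json.loads(virtual_json))
    if virtual:
        return "FAIL: root uses virtual MFA (" + ", ".join(virtual) + ")"
    return "PASS: root MFA enabled and no virtual device assigned to root"


if __name__ == "__main__":
    for summary, virtual in [(SUMMARY_MFA_OFF, VIRTUAL_USERS_ONLY),
                             (SUMMARY_MFA_ON, VIRTUAL_WITH_ROOT),
                             (SUMMARY_MFA_ON, VIRTUAL_USERS_ONLY)]:
        print(evaluate_root_mfa(summary, virtual))
```

A root user that has both a virtual and a hardware device registered is reported as failing, since the virtual device remains a usable second factor.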