IAM multi-factor authentication should be enabled for all IAM users that have a console password

Description

Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.

Console Remediation Steps

  • Navigate to IAM.

  • In the left navigation, select Users.

  • Add the MFA column if it is not displayed by default.

  • Select a user who does not have MFA enabled.

  • Click the Security credentials tab.

  • In Assigned MFA Device, click Manage.

  • Enable MFA for the user as described here.

  • Repeat the above steps until all users have MFA enabled.

CLI Remediation Steps

N/A