Enabling MFA for All IAM Users
Additional Security Through IAM
Protecting account credentials is one of the most important parts of security in the AWS environment. One of the ways to protect credentials is by using MFA within IAM. Recommendation 1.2 of the CIS AWS Foundations Benchmark states that because MFA adds an extra layer of protection on top of a user name and password, MFA needs to be enabled for all IAM users with a console password. Requiring a time-sensitive authentication code or token increases the level of security within AWS IAM. For more information, visit the AWS documentation on using MFA.
One of the most important things we have to do in our AWS environment is protect our account credentials. To do this, we can enable multi-factor authentication. The organization should enforce that all users are required to have MFA enabled. You, as an individual, can ensure that your organization has MFA enabled for each account by going into your AWS IAM Dashboard, opening the Users section, and looking at each account to make sure each user shows MFA as enabled. That way, you can make sure that each user is required to protect their account with MFA when they log in to AWS.