Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

Save 40% OFF on AWS Foundational Reviewers + Get Free Cloud Practitioner eBook if you buy Practice Exam + Video Course Bundle!

Guided Lab: Enabling Multi-Factor Authentication (MFA)

Description

Multi-factor authentication (MFA) is an additional layer of security designed to ensure that individuals trying to access an account are who they say they are. It combines something the user knows (a password) with something they have (a mobile device generating MFA codes). Even if the password is compromised, an attacker cannot access the account without the second factor, significantly enhancing security.

MFA can be set up using:

  • Virtual MFA devices (such as Google Authenticator and Authy)
  • Hardware MFA devices

Objectives

In this lab, you will learn how to enable Multi-Factor Authentication (MFA)  for your IAM user account to increase the security of your AWS environment.

Lab Steps

Enabling MFA

1. Search for IAM in the AWS console search bar. Select IAM from the list of services to open the IAM Dashboard.

2. In the IAM Dashboard, click Users on the left-hand menu.

3. Select an IAM user to enable MFA.

4. Go to the Security credentials tab.


You can safely ignore the Access Denied Pop-ups. This warning does not affect the process of setting up MFA.


5. Under Multi-factor authentication (MFA), click Assign MFA device.

6. For this lab,

a. Set the Device name to MFA-Lab-Test

b. For the MFA device Device options, choose the Authenticator app.

c. Click Next.

d. Note that you need to install Virtual MFA devices (such as Google Authenticator and Authy). In this lab, we will use Google Authenticator App from Google Play

7. Take your time to check the list of compatible applications in the given link:

8. Click on the Show QR code and scan it using the Authenticator App.

9. Input the two consecutive MFA codes generated by the app and click Add MFA.

10. A confirmation notice will appear Upon successfully adding the MFA, indicating the process is complete.

Verifying MFA Setup

1. Click on your username dropdown in the upper right corner and log out to the AWS console.

2. Try logging back in using your root or IAM user account.

3. You will be prompted for the MFA code after entering your username and password.

4. Open the MFA app, enter the current six-digit code, and sign in.

5. You will then be redirected to the AWS Console.


Note: Since this is a practice session using PlayCloud, the MFA you created during this lab will be automatically deleted when the session ends.


Congratulations! You successfully enabled MFA in an AWS account. This ensures that only individuals with both the correct credentials and the MFA device can access the account. You also learned how to verify the setup by logging back into your account using the generated MFA codes.

Lastly, add to your habit of cleaning up the resources after finishing this lab. This is a good habit and gives you good practice in taking responsibility for your resources. Thank you, and happy learning!

Skip to content