AWS Security – Part 1: Securing the Root Account with MFA

Task: Create an AWS account and complete the tasks below

  • First, secure the root user by enabling MFA on it
  • Create a new IAM user or group for day-to-day tasks

Why this is needed:

Securing the AWS root account is crucial because it has unrestricted access to every resource and service in your AWS environment. If it is compromised, an attacker could delete resources, steal data, or even lock you out of your own account.

Key Reasons to Secure the Root Account:

1. Prevents Unauthorized Access – The root account has full control, making it a prime target for hackers.

2. Mitigates Security Risks – Without security measures, an attacker could create malicious users, change billing details, or shut down services.

3. Aligns with Best Practices – AWS recommends using the root account only for initial setup and securing it with Multi-Factor Authentication (MFA).

The best practice is to enable MFA on the root user and create separate IAM users with least privilege access for daily operations.

Once you have set up your account, click “Go to the AWS Management Console”.


You are now logged in as the root user.

In the search box, type IAM.

Then click Add MFA.

Click Next and follow the steps below:

Click Add MFA.

Congratulations, MFA is now set up for the root user.

Now, let’s create a user or group for day-to-day activities.

In the navigation pane on the left side of the IAM console (shown in the snapshot above) there is an option “Users”. Click it, then click Create user.

Click Next. Attach a policy to the user. Since this user needs to perform admin tasks, we are granting administrative access here. For every other user, always follow the principle of least privilege.

Review the configuration for the new user shown below.

Click Create user. The console password is shown on the next screen and can be copied, or the login instructions can be sent by email using the “Email sign-in instructions” option on the right-hand side.

Copy the sign-in URL, username and console password, then try signing in as the new user. As per the password policy set, the user will have to choose a new password before proceeding.

Once the password is set, the new user is logged in.

Congratulations, we have now secured our root account with MFA and created a new admin user for daily activities.
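The console steps above leave no record you can re-check later. A quick way to verify both controls (root has MFA and no access keys; every IAM user with a console password has MFA) is to audit the IAM credential report, which you can download with `aws iam generate-credential-report` followed by `aws iam get-credential-report --query Content --output text | base64 -d`. The script below is an added example written for this post, not the author's or AWS's code: it parses the decoded report by its real column names (only a subset of the columns is included) and the rows are constructed sample data, with the AWS documentation placeholder account id 111122223333.

```python
import csv
import io
import sys

# Constructed sample of a decoded IAM credential report. The header uses the
# report's real column names (a subset); the three rows are invented for this
# example, and 111122223333 is a documentation placeholder account id.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,2024-01-01T09:00:00+00:00,2024-01-01T09:30:00+00:00,not_supported,not_supported,not_supported,true,false,false
admin-user,arn:aws:iam::111122223333:user/admin-user,2024-01-01T10:00:00+00:00,true,no_information,2024-01-01T10:00:00+00:00,N/A,true,false,false
legacy-user,arn:aws:iam::111122223333:user/legacy-user,2023-06-15T12:00:00+00:00,true,2024-01-01T08:00:00+00:00,2023-06-15T12:00:00+00:00,N/A,false,true,false
"""

# The credential report names the root identity this way in the "user" column.
ROOT_USER = "<root_account>"


def parse_report(csv_text):
    """Return the decoded credential report as one dict per IAM identity."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def audit_root(row):
    """Root checks: MFA must be enabled and root must hold no access keys."""
    findings = []
    if row["mfa_active"] != "true":
        findings.append("root: MFA is not enabled")
    if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
        findings.append("root: has active access keys (root should have none)")
    return findings


def audit_user(row):
    """IAM user check: anyone who can sign in to the console must have MFA."""
    findings = []
    if row["password_enabled"] == "true" and row["mfa_active"] != "true":
        findings.append(f"{row['user']}: console password enabled without MFA")
    return findings


def audit_report(csv_text):
    """Run every check over a decoded report and return the list of findings."""
    findings = []
    for row in parse_report(csv_text):
        if row["user"] == ROOT_USER:
            findings.extend(audit_root(row))
        else:
            findings.extend(audit_user(row))
    return findings


def main(argv):
    # Pass the path of a decoded report to audit a real account; with no
    # argument the constructed sample above is audited instead.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            csv_text = fh.read()
    else:
        csv_text = SAMPLE_REPORT
    findings = audit_report(csv_text)
    for finding in findings:
        print("FINDING:", finding)
    if not findings:
        print("OK: root has MFA and no access keys; all console users have MFA")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no argument to see the sample audited (the `legacy-user` row is flagged), or pass the path of a report decoded from your own account. The non-zero exit status when anything is flagged makes the script usable as a scheduled check.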
