5) IAM MFA Overview(IAM Password Policy)- AWS Certified Solutions Architect Associate Course SAA-C02- Section 1: IAM & AWS CLI

BySai Charan Paloju

Jul 26, 2022 #5) IAM MFA Overview(IAM Password Policy)- AWS Certified Solutions Architect Associate Course SAA-C02- Section 1: IAM & AWS CLI, #Authy, #Authy api, #Authy apk, #Authy app, #Authy authenticator, #Authy chrome, #Authy desktop, #Authy desktop download, #Authy login, #Authy twilio, #Authy vs google authenticator, #aws, #aws create virtual mfa device, #AWS IAM, #AWS IAM authenticator, #AWS IAM commands, #AWS IAM documentation, #AWS IAM interview questions, #aws iam list-virtual-mfa-devices, #AWS IAM login, #AWS IAM policy, #AWS IAM policy generator, #AWS IAM roles, #AWS IAM tutorial, #AWS IAM user login, #aws MFA Device options, #aws_iam_virtual_mfa_device, #change mfa device, #create-virtual-mfa-device, #does modern authentication require mfa, #enable a virtual mfa device for an iam user, #Gemalto, #Gemalto device, #Gemalto device price, #Gemalto driver for windows 10, #Gemalto price, #Gemalto safenet, #Gemalto software, #Gemalto token, #Gemalto token driver, #Gemalto token driver download, #Gemalto token installation, #google authenticator, #google authenticator app, #google authenticator app download, #google authenticator code, #google authenticator download, #google authenticator extension, #google authenticator login, #google authenticator pc, #google authenticator qr code, #google authenticator recovery, #how to reset password for iam user, #how to set password for iam user, #IAM MFA, #IAM MFA AWS, #IAM MFA cli, #IAM MFA cloudformation, #IAM MFA permissions, #IAM MFA policy, #IAM MFA resync, #IAM MFA role, #IAM MFA setup, #IAM MFA sso, #IAM MFA user, #IAM Password, #IAM Password complexity, #IAM Password management, #IAM Password policy, #IAM Password policy aws, #IAM Password policy best practices, #IAM Password policy cdk, #IAM Password policy cli, #IAM Password policy cloudformation, #IAM Password policy cloudformation templete, #IAM Password policy terraform, #IAM Password policy trusted advisor, #IAM Password portal, #IAM Password wisconsin, #IAM-Password-policy-conformance-pack, #IAM-Password-policy-recommended-defaults, #is modern authentication required for mfa, #MFA Device, #MFA Device arn, #MFA Device expiration, #MFA Device for aws, #MFA Device lost aws, #MFA Device meaning, #MFA Device options, #MFA Device registration, #MFA Device token, #MFA Device token is empty, #MFA setup options, #multi factor authentication, #multi factor authentication app, #multi factor authentication can be used to handle, #multi factor authentication examples, #multi factor authentication in azure, #multi factor authentication in salesforce, #multi factor authentication is one of the daas applications, #multi factor authentication is one of the dash application, #multi factor authentication meaning, #multi factor authentication microsoft, #multi factor authentication office 365, #products, #saicharanpaloju, #smart cherrys tech, #smartcherrysthoughts, #Surepassid, #Surepassid app, #Surepassid authenticator, #Surepassid fips, #Surepassid login, #Surepassid northrop grumman, #Surepassid not working, #Surepassid push authenticator, #Surepassid push mobile authenticator, #Surepassid qr code, #u2f security key, #u2f security key amazon, #u2f security key api, #u2f security key aws, #u2f security key coinbase, #u2f security key google, #u2f security key how it works, #u2f security key iphone, #u2f security key reddit, #u2f security key salesforce, #universal 2 factor, #universal 2nd factor, #universal 2nd factor (u2f), #universal 2nd factor (u2f) overview, #universal 2nd factor (u2f) security key, #universal 2nd factor authentication, #universal 2nd factor keys, #virtual MFA Device, #virtual MFA Device app, #virtual MFA Device download, #virtual MFA Device for windows, #what is mfa multi factor authenticaton, #what is the universal factor, #yubico, #yubico authenticator, #yubico company, #yubico india, #yubico key, #yubico key price, #yubico linkedin, #yubico security key, #yubico security key setup, #yubico yubikey 5 nfc, #yubico yubikey 5c nfc, #yubikey, #yubikey [ersonalization tool, #yubikey 5 nfc, #yubikey 5c nano, #yubikey 5c nfc, #yubikey amazon, #yubikey india, #yubikey manager, #yubikey meaning, #yubikey price, #yubikey price in india

5) IAM MFA Overview(IAM Password Policy)- AWS Certified Solutions Architect Associate Course SAA-C02- Now that we have created users and groups, it is time for us to protect these users and groups from being compromised.

  • So for this we have two defense mechanisms.
  • The first one is to define what’s called a Password Policy.
  • Why?
  • Well’ because the stronger the password you use
  • the more security for your accounts.
  • So in AWS, you can set up a password policy.
  • with different options.
  • The first one is you can set a minimum password length.
  • and you can require specific character types,
  • for example, you may want to have an uppercase letter,
  • lowercase letter, number, non-alphanumeric characters,
  • for example a questions mark and so on.
  • Then you can allow or not,
  • IAM users to change their own passwords
  • or you can require users to change their password.,
  • after some time, to make your password expired,
  • for example, to say every 90 days, users have to change their passwords.
  • Finally, you can also prevent password reuse.
  • so that users when they change their passwords,
  • dont change it to the one they already have
  • or change it to the one they had before.
  • So this is great, a password policy, really is helpful,
  • against brute force attacks on your accounts.
  • But there’s a second defense mechanism.
  • that you need to know, going into the exam,

Multi Factor Authentication- MFA

  • and this is the Multi Factor Authentication or MFA.
  • It is possible you already to use it, on some websites.
  • but on AWS it’s a must and it’s very recommended to use it.
  • So, users have access to your account,
  • and they can possibly do a lot of things,
  • especially if they’re, administrators,
  • they can change configuration, delete resources.
  • and other things.
  • So you absolutely want to protect at least
  • your Root Accounts and hopefully all your IAM users.
  • so how do you protect them on top of the password?
  • Well, you use an MFA device.
  • So what is MFA?
  • MFA is using the combination of a password that you know,
  • and a security device that you own.
  • and these two things together,
  • have a much greater security than just a password.
  • So for example, let us take Alice.

  • Alice Knows her password,
  • but she also has an MFA Generating token.
  • and by using these things together while logging in,
  • she is going to be able to do a successful login on MFA.
  • so the benefit of MFA is that even if Alice
  • has lost her password, because it’s stolen or it’s hacked,
  • the account will not be compromised because the hacker,
  • will need to also get a hold of the physical device.
  • of Alice that could be a phone for example to do a login.

MFA Devices Options in AWS

  • Obviously, that is much less likely.
  • So what are the MFA devices option in AWS
  • and you should know them going to the exam.
  • but don’t worry they’re quite simple.
  • The first one is a Virtual MFA device,

 

  • this is what we’ll be using in the hands on
  • and so you can use Google Authenticator,
  • which is just working on one phone at a time,
  • or using Authy which is multi-device
  • They both work the same except one is multi-device.
  • And personally I use Authy because I like the fact that
  • I can use it on my computer and on my phones.

 

  • So, for Authy you have support
  • for multiple tokens on a single device.
  • So, that means that with a Virtual MFA device,
  • you can have your root account, your IAM user,
  • and another account, and another IAM user,
  • its up to you, you can have as many users
  • and accounts as you want on your Virtual MFA device,
  • which make it a very easy solution to use.

 

  • Now we have another thing called
  • a universal 2nd Factor or U2F Security Key,
  • and that is a physical device, for example,
  • a YubiKey by Yubico and Yubico is a a 3rd party to AWS,
  • this is not the AWS that provided, this is a 3rd party
  • and we use a physical device,
  • because maybe it’s super easy, you put it your Key fobs
  • and you’re good to go.
  • So this YubiKey supports multiple root and IAM users
  • using a single security so you don’t need as many keys
  • as users otherwise that will be a nightmare.
  • Then your other options,

 

  • you have a hardware key Fob MFA device
  • for example this one provided by Gemalto
  • which is also a third party to AWS
  • and finally, if you are using the cloud of the government.

  • in the US, The AWS GovCloud then you have a special Key Fob,
  • That looks like this, that is provided by SurePassID
  • which is also a 3rd party.
  • So that’s it, we’ve seen the theory
  • on how to protect your account.
  • but let’s go the next lecture to implement that.
  • So I will see you in the next lecture.

 

 

By Sai Charan Paloju

Trained AWS Certified Solutions Architect Associate Course SAA-C02/Content Writer/Creator, Masters Degree- Software Engineering, Bachelors Degree- Computer Science & Engineering, Youtuber- Host/Interviewer/Content Creator/Video Editor, Podcaster- Host/Interviewer/Content Creator/Editor, Technical Writer, Social Media Manager/Influencer Ex-Professional Cricketer mailme@smartcherrysthoughts.com https://smartcherrysthoughts.com/

59 thoughts on “5) IAM MFA Overview(IAM Password Policy)- AWS Certified Solutions Architect Associate Course SAA-C02- Section 1: IAM & AWS CLI”
  1. I may need your help. I tried many ways but couldn’t solve it, but after reading your article, I think you have a way to help me. I’m looking forward for your reply. Thanks.

  2. Yet, there’s more. The heart of any prosperous listings platform lies in its convenience of application. Interestingly, this From Russia treasure embraces an intuitive posting process that guarantees even beginner users can quickly post their products. From uploading pictures to providing brief summaries, the process is streamlined to preserve time and minimize barriers.

  3. One thing I would really like to say is the fact car insurance cancellation is a horrible experience and if you are doing the proper things like a driver you simply will not get one. A number of people do receive the notice that they’ve been officially dumped by their insurance company and several have to scramble to get added insurance after having a cancellation. Inexpensive auto insurance rates are often hard to get from cancellation. Having the main reasons with regard to auto insurance termination can help drivers prevent sacrificing one of the most important privileges readily available. Thanks for the tips shared by means of your blog.

  4. Great post. I used to be checking continuously this weblog and I’m impressed!
    Extremely useful information specifically the final section :
    ) I handle such information a lot. I used to be looking for this
    particular information for a long time. Thank you and best
    of luck.
    powered by GoToTop.ee
    https://ru.gototop.ee/

  5. Excellent beat ! I wish to apprentice whilst you amend your website,
    how can i subscribe for a blog website? The
    account aided me a appropriate deal. I were a little bit acquainted
    of this your broadcast provided vibrant transparent concept
    powered by GoToTop.ee
    https://ru.gototop.ee/

  6. Do you mind if I quote a few of your articles
    as long as I provide credit and sources back to your website?
    My blog is in the very same area of interest as yours and my visitors would genuinely benefit
    from some of the information you present here. Please
    let me know if this okay with you. Cheers!

  7. Мне понравилась систематическая структура статьи, которая позволяет читателю легко следовать логике изложения.

  8. Статья содержит обширную информацию и аргументы, подтвержденные ссылками на достоверные источники.

  9. Читателям предоставляется возможность самостоятельно исследовать представленные факты и принять собственное мнение.

  10. Great beat ! I would like to apprentice while you amend your web site, how could i subscribe for a blog site? The account helped me a acceptable deal. I had been a little bit acquainted of this your broadcast provided bright clear concept

  11. Эта статья является настоящим источником вдохновения и мотивации. Она не только предоставляет информацию, но и стимулирует к дальнейшему изучению темы. Большое спасибо автору за его старания в создании такого мотивирующего контента!

  12. I have been surfing online more than 2 hours today, yet
    I never found any interesting article like yours. It is pretty worth enough for me.

    Personally, if all website owners and bloggers made good content as you did, the net will
    be a lot more useful than ever before.

  13. Thanks for the recommendations you have contributed here. Yet another thing I would like to say is that laptop memory demands generally go up along with other developments in the technologies. For instance, any time new generations of cpus are brought to the market, there is usually a corresponding increase in the scale demands of both the personal computer memory along with hard drive room. This is because software program operated by means of these cpus will inevitably surge in power to take advantage of the new technology.

  14. I don抰 even know how I ended up here, but I thought this post was great. I do not know who you are but certainly you’re going to a famous blogger if you are not already 😉 Cheers!

  15. Nice weblog right here! Additionally your site lots up very fast! What host are you the usage of? Can I am getting your affiliate hyperlink to your host? I desire my website loaded up as fast as yours lol

  16. Thanks for sharing your ideas. I might also like to say that video games have been ever evolving. Modern technology and innovative developments have made it simpler to create realistic and enjoyable games. These types of entertainment video games were not as sensible when the real concept was first of all being tried out. Just like other styles of electronics, video games too have had to develop by way of many generations. This itself is testimony to the fast development of video games.

  17. Good post made here. One thing I would like to say is the fact most professional career fields consider the Bachelors Degree like thejust like the entry level requirement for an online degree. While Associate Certification are a great way to get started, completing your current Bachelors presents you with many good opportunities to various professions, there are numerous internet Bachelor Course Programs available by institutions like The University of Phoenix, Intercontinental University Online and Kaplan. Another thing is that many brick and mortar institutions present Online variants of their certifications but commonly for a considerably higher charge than the firms that specialize in online college diploma plans.

  18. These days of austerity in addition to relative panic about getting debt, many people balk contrary to the idea of having a credit card to make purchase of merchandise or pay for any gift giving occasion, preferring, instead to rely on the actual tried plus trusted approach to making repayment – cash. However, if you’ve got the cash on hand to make the purchase completely, then, paradoxically, this is the best time for you to use the credit card for several factors.

  19. Мы предлагаем сделать «ссылочный прогон» для вашего сайта.
    О нас: Мы являемся компанией, более 10-ти лет предоставляющей
    услуги «ссылочного прогона»
    (массового размещения ссылок на сторонних сайтах) и хотели бы предложить вам данную
    услугу. В результате, через 3-5 дней, DR (Domain Rating) рейтинг вашего
    домена повысится, что положительно отразится на
    выдаче вашего сайта в Гугле и Яндексе.
    Если размещать ссылки на регулярной основе, то через 1-3 месяца,
    также, повысится и Яндекс показатель ИКС сайта.

    На сегодняшний день, это самый быстрый
    и недорогой вариант повышения авторитета сайта и улучшения его позиций
    в выдаче. Стоимость прогона составляет от 2 000 руб.
    и выше (и зависит от объёма размещаемых ссылок).
    Подробности см. на нашем сайте https://gototop.ee/ или пишите
    мне на alexey@gototop.ee Спасибо

Leave a Reply

Your email address will not be published. Required fields are marked *