IAM MFA Hands On- AWS Certified Solutions Architect Associate Course SAA-C02- So we are going to first set up a password policy for our account.

• So On Account Settings(Root User Account), on the left hand side.

• we click on change password policy.

• and here we can enforce a password policy.
• For example,
• the password minimum length,
• we can require one uppercase,
• one lowercase, one number,
• you can customize your password policy as you wish
• and then click on save changes.

• This password policy enhances the security of your accounts.

MFA for our root accounts

• The second thing we need to do id set up
• MFA for our root accounts.
• So the root account is again, very important to protect
• because it has full power of your accounts.
• And so, as a note,
• this is something I’m going to do in front of you for demo.
• you dont have to do it.
• and if you do it.
• then you have higher security on your accounts.
• But if you lose your MFA Token.
• then you will be locked out of your account.
• So again, you can just see what i’m doing.
• and not follow the hands on, if you want.
• And so we can click on the account name
• on the right hand side,
• top right and click on  security credentials.

• This takes us to this page where we can click
• on the multi-factor authentication

• and we are going to activate MFA to protect our accounts.

• so we have three options,
• we have virtual MFA, UTF security key
• or other hardware MFA device.

• Because we want to use our phone,
• we’re going to use a virtual MFA device.

• Here we have a list of compatible applications we can use
• to set up MFA.

• And on this web page you can have a look,
• By Scrolling down for the virtual MFA applications.
• for android and iPhone we can use all of these in this list.
• My personal favorite is to use Authy
• So there is Authy for Android and Authy For iPhone

• and it is a free application that i really like.
• So let me show you how this works.
• So we are in here and I’ going to show the QR code.

• Next, I’m going to start Authy on my phone.

• So Auhty is started on my phone
• and I’m going to go and add an account,

• I’ll scan a QR code which is there on my laptop screen
• and i will scan the QR code right here.
• Its adding the accounts.

• so you need to make sure that you’re happy
• with the logo, as well as the account nickname.
• So everything looks good to me.
• I will click on save and here I get a code.

• So the first MFA code I have to enter in this box(on laptop)
• so
• and then i have to wait an extra 15 seconds for the new code to appear
• and my next code is

• So they’re linked.
• I assign the MFA and it is successfully assigned the MFA.
• So we’ll be prompted to use an MFA next time that we login.
• into our accounts.
• So to do so, what I’m going to do
• is that I’m going to log out of my AWS accounts, right here

• and I’m going to sign in the console again.

• I will use my Root user and I will enter my email.

• Enter Password

• and then I will enter the MFA token.

• I am getting from the device.
• So
• Click on submit.
• And here i go
• I am connected into my management console using MFA.

• So that’s it, MFA is set up for my root accounts.
• Once you do so.
• Please make sure not to lose your phone or your MFA device.
• because then you will be locked our of your account.
• So that is something very important not to lose.
• And I hope you like this lecture.
• I will see you in the next lecture.