IAM MFA Hands On- AWS Certified Solutions Architect Associate Course SAA-C02- So we are going to first set up a password policy for our account.
- So On Account Settings(Root User Account), on the left hand side.
- we click on change password policy.
- and here we can enforce a password policy.
- For example,
- the password minimum length,
- we can require one uppercase,
- one lowercase, one number,
- you can customize your password policy as you wish
- and then click on save changes.
- This password policy enhances the security of your accounts.
MFA for our root accounts
- The second thing we need to do id set up
- MFA for our root accounts.
- So the root account is again, very important to protect
- because it has full power of your accounts.
- And so, as a note,
- this is something I’m going to do in front of you for demo.
- you dont have to do it.
- and if you do it.
- then you have higher security on your accounts.
- But if you lose your MFA Token.
- then you will be locked out of your account.
- So again, you can just see what i’m doing.
- and not follow the hands on, if you want.
- And so we can click on the account name
- on the right hand side,
- top right and click on security credentials.
- This takes us to this page where we can click
- on the multi-factor authentication
- and we are going to activate MFA to protect our accounts.
- so we have three options,
- we have virtual MFA, UTF security key
- or other hardware MFA device.
- Because we want to use our phone,
- we’re going to use a virtual MFA device.
- Here we have a list of compatible applications we can use
- to set up MFA.
- And on this web page you can have a look,
- By Scrolling down for the virtual MFA applications.
- for android and iPhone we can use all of these in this list.
- My personal favorite is to use Authy
- So there is Authy for Android and Authy For iPhone
- and it is a free application that i really like.
- So let me show you how this works.
- So we are in here and I’ going to show the QR code.
- Next, I’m going to start Authy on my phone.
- So Auhty is started on my phone
- and I’m going to go and add an account,
- I’ll scan a QR code which is there on my laptop screen
- and i will scan the QR code right here.
- Its adding the accounts.
- so you need to make sure that you’re happy
- with the logo, as well as the account nickname.
- So everything looks good to me.
- I will click on save and here I get a code.
- So the first MFA code I have to enter in this box(on laptop)
- so
- and then i have to wait an extra 15 seconds for the new code to appear
- and my next code is
- So they’re linked.
- I assign the MFA and it is successfully assigned the MFA.
- So we’ll be prompted to use an MFA next time that we login.
- into our accounts.
- So to do so, what I’m going to do
- is that I’m going to log out of my AWS accounts, right here
- and I’m going to sign in the console again.
- I will use my Root user and I will enter my email.
- Enter Password
- and then I will enter the MFA token.
- I am getting from the device.
- So
- Click on submit.
- And here i go
- I am connected into my management console using MFA.
- So that’s it, MFA is set up for my root accounts.
- Once you do so.
- Please make sure not to lose your phone or your MFA device.
- because then you will be locked our of your account.
- So that is something very important not to lose.
- And I hope you like this lecture.
- I will see you in the next lecture.