Ensure hardware MFA is enabled for the root account

Rating	🛑 - High

Description

Protecting the root account with a hardware MFA token to increase security with protecting the credentials.

Vulnerability

MFA (or multi factor authentication) refers to using an additional factor (like a security fob or a one-time password), in addition to the regular username and password to gain access to an account. This reduces the likelihood of the account being compromised due to the loss of the root username and password.

Remediation

Follow the AWS best practices to configure MFA on your root account.

References

• AWS CIS v.1.4.0 - 1.6
• AWS CIS v.1.2.0 - 1.14

Links

• https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf#page=38