Ensure MFA is enabled for the root account
Rating | 💀 - Critical |
---|---|
Description
The root user is the most privileged, unrestricted account within your AWS landscape. It must be securely protected.
Vulnerability
MFA (multi-factor authentication) means using an additional factor (such as a security fob or a one-time password) on top of the regular username and password to gain access to an account. This reduces the likelihood of the account being compromised due to the loss of the root username and password.
Remediation
Follow the AWS best practices to configure MFA on your root account.
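To confirm the setting after remediation, the following added example (not part of the original check text) evaluates root MFA from two IAM sources: the `mfa_active` column of the `<root_account>` row in the credential report, and `AccountMFAEnabled` in the account summary. The sample report is constructed, and `fetch_live` assumes boto3 and read access to IAM.

```python
import csv
import io

ROOT_USER = "<root_account>"  # name of the root row in the IAM credential report

# Constructed sample in credential-report format (columns trimmed, values invented).
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false
alice,arn:aws:iam::111122223333:user/alice,true,true
"""


def root_mfa_from_report(report_csv):
    """Return True/False for the root row's mfa_active, or None if undetermined."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row.get("user") == ROOT_USER:
            value = (row.get("mfa_active") or "").strip().lower()
            return {"true": True, "false": False}.get(value)
    return None


def root_mfa_from_summary(summary_map):
    """AccountMFAEnabled in the GetAccountSummary SummaryMap is 1 when root has MFA."""
    return summary_map.get("AccountMFAEnabled") == 1


def evaluate(report_csv, summary_map):
    """Pass only when both sources agree root MFA is on; anything else is a finding."""
    report = root_mfa_from_report(report_csv)
    summary = root_mfa_from_summary(summary_map)
    if report is True and summary:
        return "PASS"
    if report is None:
        return "UNKNOWN"  # root row or column missing: investigate, do not assume a pass
    return "FAIL"


def fetch_live():
    """Assumption: boto3 is installed and credentials allow the three IAM calls."""
    import boto3
    iam = boto3.client("iam")
    iam.generate_credential_report()  # may need a retry until the report is ready
    report = iam.get_credential_report()["Content"].decode("utf-8")
    return report, iam.get_account_summary()["SummaryMap"]


if __name__ == "__main__":
    print(evaluate(SAMPLE_REPORT, {"AccountMFAEnabled": 0}))
```

Against a live account, call `evaluate(*fetch_live())`; an `UNKNOWN` result should be treated as a finding until the report can be read.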
References
- AWS CIS v.1.4.0 - 1.5
- AWS CIS v.1.2.0 - 1.13
- Trusted Advisor - Multi-factor authentication on root account