Ensure MFA is enabled for the root account

Rating 💀 - Critical

Description

The root user is the most privileged, unrestricted account in your AWS landscape. It must be securely protected.

Vulnerability

MFA (multi-factor authentication) means requiring an additional factor, such as a security fob or a one-time password, on top of the regular username and password to gain access to an account. This reduces the likelihood of the account being compromised due to the loss of the root username and password.

Remediation

Follow the AWS best practices to configure MFA on your root account.
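
To confirm the remediation took effect, the root row of the IAM credential report can be checked for `mfa_active`. The following is an added example, not part of the original check: the sample report is constructed and trimmed to the columns used, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout, trimmed to the
# columns used here; the account ID is a placeholder.
SAMPLE_REPORT = """\
user,arn,mfa_active
<root_account>,arn:aws:iam::111122223333:root,false
alice,arn:aws:iam::111122223333:user/alice,true
"""

ROOT_USER = "<root_account>"  # name of the root row in the credential report


def root_mfa_findings(report_csv: str) -> list[str]:
    """Return findings for the root row; an empty list means the check passes."""
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r.get("user") == ROOT_USER), None)
    if root is None:
        # Fail closed: a report without the root row proves nothing.
        return ["root row not found in credential report"]
    value = (root.get("mfa_active") or "").strip().lower()
    if value == "true":
        return []
    if value == "false":
        return ["root account has no MFA device enabled"]
    return [f"unexpected mfa_active value for root: {value!r}"]


def fetch_live_report() -> str:
    """Download the live report (needs boto3 and IAM read permissions)."""
    import time
    import boto3  # imported here so the offline check runs without it

    iam = boto3.client("iam")
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    return iam.get_credential_report()["Content"].decode("utf-8")


if __name__ == "__main__":
    for finding in root_mfa_findings(SAMPLE_REPORT):
        print("FAIL:", finding)
```

Pass the output of `fetch_live_report()` to `root_mfa_findings()` to run the check against a real account. The same state is also exposed as `AccountMFAEnabled` in the output of `aws iam get-account-summary`.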

References