In the last post I discussed how to create your first AWS account for free. If you missed it, you may like to check it here. Once you have created your AWS account and logged in, it is time to configure the account. The AWS service for this activity is called IAM (Identity and Access Management). On the console home screen, click on the Services drop-down list at the top left corner as below:

Scroll down, locate Security, Identity and Compliance, and then click on IAM.

Once you click on IAM it will take you to the IAM root account page as below:

Setup MFA for the root account
MFA, or Multi-Factor Authentication, provides a second level of security for the AWS root account. Click on the drop-down beside Activate MFA on your root account.

Now you will see the Manage MFA button; click on it. On the next page click on Multi-factor authentication (MFA) as below:

Next, click on Activate MFA as below:

You will be presented with three options on the next page. Keep the default selected option, Virtual MFA device, and click Continue.

On the next page there are two things to be done as below:
Install Google Authenticator
The first step is to download the Google Authenticator app on your mobile phone.

I use an Android phone, so for Android go to the Play Store, then download and install the Google Authenticator app. For iOS you have to download it through the App Store. Once the app is downloaded and installed, open it on your phone. Click on Get Started as shown below:

Once you click on Get Started, you should see a screen similar to the one below on your phone:

Click on Scan a QR Code and the scanner will be activated; it should look like the below. Now come back to the AWS management console where you left it. We will now move to the second step.
Use your virtual MFA app and your device’s camera to scan the QR code
Click on the Show QR code as below:

Using your scanner app (which came up within Google Authenticator in the last step), read the QR code shown on the screen:

Just hold the phone in front of the screen (while the Google Authenticator reader is open as in the last step). This should enable you to read the QR code from the screen.
On the Setup Virtual MFA Device screen, scroll down and you should be able to see the below option:

You have to enter two consecutive MFA codes in the above screen. So, open your MFA app on the phone. If you didn’t close it before, it should already be open and you should be able to see an MFA code on the mobile screen. Type the MFA code displayed on the phone into the MFA code 1 box. Then wait for the MFA code to change in your Google Authenticator app, and once it has changed, type the new MFA code into the MFA code 2 box:

Now, click on the Activate MFA button as in the below picture:

You should be able to see that MFA has been activated for your root account.

Log out of your account and try to log back in.
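
What the QR scan and the two-code step establish, as an added example that is not part of the original post or AWS's own code: the QR code carries a shared secret in an otpauth:// URI, and the app derives a new six-digit code from it every 30 seconds (RFC 6238 TOTP). The sample URI uses the RFC 6238 test key, and check_two_codes is an assumed model of a server-side check, not AWS's documented logic.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs

# Constructed sample: the RFC 6238 test key, not a real AWS secret.
SAMPLE_URI = ("otpauth://totp/ExampleIssuer:root-account"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleIssuer")
STEP = 30    # seconds each code stays valid
DIGITS = 6   # code length shown by the app


def secret_from_uri(uri):
    """Extract the base32 shared secret that the QR code carries."""
    return parse_qs(urlparse(uri).query)["secret"][0]


def totp(secret_b32, at):
    """RFC 6238 code (HMAC-SHA1) for the 30-second step containing `at`."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def check_two_codes(secret_b32, code1, code2, now, window=1):
    """Assumed server-side check: code1 and code2 must belong to two
    adjacent steps near `now`; `window` is the tolerated clock drift."""
    base = int(now) // STEP
    for first in range(base - window - 1, base + window + 1):
        ok1 = hmac.compare_digest(totp(secret_b32, first * STEP), code1)
        ok2 = hmac.compare_digest(totp(secret_b32, (first + 1) * STEP), code2)
        if ok1 and ok2:
            return True
    return False


if __name__ == "__main__":
    secret = secret_from_uri(SAMPLE_URI)
    now = 1111111111  # fixed timestamp so the output is reproducible
    code1, code2 = totp(secret, now - STEP), totp(secret, now)
    print(code1, code2, check_two_codes(secret, code1, code2, now))
```

Because the secret in the QR code is all that is needed to generate valid codes, treat a screenshot or printout of that QR code as you would the root password.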

On the login page, select Root user, type your email ID in the user name field, and then click Next:

Now it will ask for your password as below:

Type in your password and then click on Sign in. Now it will ask for your MFA code as below:

Open your Google Authenticator app on your phone again; it will display a code on the mobile screen. Type the code into the above MFA code box and click on Submit. You should now be able to log back into your AWS console home page:

Now MFA is set for the Root user account. We will set up an IAM user account in the next blog.
That’s all for this blog. Have fun!