Multi-factor authentication

To help combat the potential security risk mentioned in the preceding section, IAM has a feature known as MFA. This is recommended for any user that has an elevated set of permissions within your AWS account, and it is a security best practice to use MFA in your AWS root account.

MFA provides a second layer of authentication, following a user logging into your AWS account with a password. MFA will ask the user to enter a six-digit, randomized number, which will change very frequently; if the correct response is entered, then the user will be fully authenticated. This ensures that, should a password be compromised, there will be a second factor of authentication which is far harder to breach since the code is frequently ...

Get AWS Certified Solutions Architect - Associate Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.