Overview
AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection. When MFA is enabled and a user signs in to an AWS website, they are prompted for their user name and password (the first factor) and for an authentication code from their AWS MFA device (the second factor). Taken together, these multiple factors provide increased security for your AWS account settings and resources.
Applies To
Amazon Web Services (AWS)
Pre-Requisites
· AWS account in which Multi-Factor Authentication (MFA) is enabled
· IAM-configured user
· Android-based device with Google Authenticator installed on the smartphone
· Barcode Scanner app installed on the smartphone
Configure MFA
Configuring multi-factor authentication is a two-step process: first, enabling MFA; second, installing the app and configuring the account on a smartphone, which generates the dynamic keys used for authentication when logging in to the AWS Management Console.
Login – AWS Root Account
To use MFA for the account, you first need to enable it. After logging in to the AWS root account, click “Security Credentials” in the account drop-down.
Activate – Multi-Factor Authentication (MFA)
After clicking “Security Credentials”, expand “Multi-Factor Authentication (MFA)” and click the “Activate MFA” button.
Manage MFA Device
Once you activate MFA, you have to choose the type of MFA device that you intend to use for authentication. You can opt for a virtual device if you want to use the “Google Authenticator” application, which can be downloaded from the Google Play Store. The other option is a hardware MFA device, one of the “AWS supported Multi-Factor Authentication” devices.
In this document we demonstrate the virtual MFA device. Hence, choose “A virtual MFA device” and click the “Next Step” button.
Install MFA Application
Ensure that you have downloaded and installed the “Google Authenticator” application from the Play Store on your smartphone, PC or other device, then click “Next Step”.
Scan Barcode – AWS Console
Scan Barcode – Verification Code
The first time, you need to enter the verification key twice: wait for two keys to be generated and enter them in the AWS Management Console, the first generated key in the Authentication Code 1 field and the subsequent generated key in the Authentication Code 2 field.
After keying in both codes, click the “Activate Virtual MFA” button.
Also see the step “Verification Code – App” for generating authentication codes.
MFA Devices – Associated
After the authentication code has been keyed in two times, the sync with the account is established successfully. Click the “Finish” button.
MFA Activation – Verification
After successfully enabling the MFA feature, you can verify it by clicking “Security Credentials” and expanding “Multi-Factor Authentication (MFA)”; the account associated with MFA will be listed as “Active”.
Login AWS Console
Configure - Google Authenticator
This section can be done before enabling MFA in the AWS Management Console. To enable and activate MFA, configuring and syncing the MFA device is mandatory.
Setup Account - App
Once you have downloaded the app from the Play Store, launch the application and tap the “Setup an Account” option.
Scan Barcode – App
After choosing the “Setup an Account” option, scan the barcode displayed in the AWS Management Console, as mentioned in the step “Scan Barcode – Verification Code”.
Verification Code – App
The first time, you need to enter the verification key twice: wait for two keys to be generated and enter them in the AWS Management Console, the first verification key in the Authentication Code 1 field and the subsequent key in the Authentication Code 2 field.
Note: Each time you log in to the AWS Management Console, enter the verification code that the app generates in the login screen.
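What the authenticator app computes from the secret carried in the barcode, and how the two consecutive codes for Authentication Code 1 and Authentication Code 2 relate, shown as an added example that is not part of the original post. It assumes the TOTP defaults used by Google Authenticator (RFC 6238, HMAC-SHA1, 30-second period, 6 digits); the function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

PERIOD = 30  # seconds each code stays valid (TOTP default)
DIGITS = 6   # code length shown in the app

# Constructed sample: Base32 of the RFC 6238 test key, not a real AWS MFA seed.
# The secret in the barcode is the whole second factor, so a real one must
# never be stored or shared like this.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, digits=DIGITS):
    """Return the RFC 6238 TOTP code (HMAC-SHA1) valid at unix_time."""
    # The barcode carries the shared secret as Base32; pad to a multiple of 8.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    # The moving factor is the number of 30 s windows since the Unix epoch.
    counter = unix_time // PERIOD
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def consecutive_codes(secret_b32, unix_time):
    """Codes for the current and the next window (Code 1 and Code 2)."""
    return totp(secret_b32, unix_time), totp(secret_b32, unix_time + PERIOD)


def seconds_until_next_code(unix_time):
    """How long to wait before the app shows the second code."""
    return PERIOD - unix_time % PERIOD


if __name__ == "__main__":
    now = 59  # fixed timestamp so the output is reproducible
    code1, code2 = consecutive_codes(SAMPLE_SECRET, now)
    print("Authentication Code 1:", code1)
    print("wait", seconds_until_next_code(now), "s for the next code")
    print("Authentication Code 2:", code2)
```

Because the codes depend only on the shared secret and the clock, a phone whose time has drifted produces codes the console rejects.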