MFA protocols are a simple best practice for increasing the overall access of AWS cloud services and could prevent costly breaches in your .


Image: anyaburket, Getty Images/iStockphoto

While the benefits of cloud computing services for many business enterprises are well documented, tapping into all that computational power requires careful and diligent use of security protocols and procedures. Multi-factor authentication is one of the more straightforward and effective cloud service security protocols available and should be implemented as a normal part of your access controls.

Setting up multi-factor authentication (MFA) for Amazon Web Services (AWS) requires the use of a trusted third-party authentication code generator. In general terms, an authentication code generator periodically calculates a unique code that can then be entered into AWS during the login procedure. Access to the code, coupled with the entry of the proper password, verifies your identity and authorization to access AWS. A user must provide both security factors before access will be granted.

This how-to tutorial shows you how to create a simple MFA security protocol using a mobile device. The MFA security protocol can then be applied to a user granted AWS access under the Identity and Access Management (IAM) system.


Multi-factor authentication for an IAM user in AWS

Before you can associate an IAM user with the MFA protocol, you must first download and install an authentication code generator application to your smartphone or other mobile device. There are a few available for each operating system, but for this example, we are using Authy 2-Factor Authentication for Android, which is available for free on (Figure A).


Figure A

With the generator in place, log in to the AWS console and use the Services menu to navigate to the IAM services section, as shown in Figure B. Use the left-hand navigation pane to select Users.


Figure B

On the Users page, select the name of the user you will be configuring and then select the Security credentials tab (Figure C). In the list of credentials, find and click the link to manage Assigned MFA devices.


Figure C

Choose the appropriate MFA device and click the Continue button. On the next page, Figure D, you will have a choice. If your code generator can read QR codes, click that link and follow the instructions on your mobile device. Alternatively, click the link to show the secret code and type it manually.


Figure D

Once the secret code is entered, you will be asked to enter the next two codes generated on your mobile device. Once you have entered the two codes, click the Assign MFA button. Take note: if you delay too long before assigning the MFA codes, the setup may fail, and you’ll have to start over.

If your setup is successful, you will receive a confirmation notice (Figure E). Click the close button to complete the process.


Figure E

Now, the next time that particular IAM user logs in to AWS, they will be asked to enter both a password and the authentication code generated by the app on your mobile device. The extra level of security will help protect your enterprise cloud services on AWS from being accessed by the wrong people.
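How a code generator app derives its codes from the secret code, and why entering two consecutive codes ties the app to the account, shown as an added example that is not from the original article or from AWS. It implements standard TOTP (RFC 6238) with assumed parameters (SHA-1, 30-second step, 6 digits); `verify_pair` and its drift window are a hypothetical model of a server-side check, and the secret is the constructed RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (RFC 6238 default; assumed here)
DIGITS = 6   # code length (assumed here)

def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def decode_secret(secret_b32: str) -> bytes:
    """Decode a base32 secret as a person types it: spaces, lower case, no padding."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def totp(secret_b32: str, unix_time: int) -> str:
    """The code the app displays at unix_time."""
    return hotp(decode_secret(secret_b32), unix_time // STEP)

def verify_pair(secret_b32, code1, code2, unix_time, drift_steps=2):
    """Hypothetical server check: code1 and code2 must be consecutive codes
    whose time steps fall within drift_steps of the server's clock."""
    key = decode_secret(secret_b32)
    now = unix_time // STEP
    for c in range(now - drift_steps, now + drift_steps + 1):
        ok1 = hmac.compare_digest(hotp(key, c), code1)
        ok2 = hmac.compare_digest(hotp(key, c + 1), code2)
        if ok1 and ok2:
            return True
    return False

# Constructed secret: base32 of the RFC 6238 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    t = 1111111109                      # RFC 6238 test time
    first, second = totp(SECRET, t), totp(SECRET, t + STEP)
    print("consecutive codes:", first, second)
    print("accepted promptly:", verify_pair(SECRET, first, second, t + STEP))
    print("accepted 10 min late:", verify_pair(SECRET, first, second, t + 600))
```

Because each code is bound to a 30-second time step, a pair entered long after it was displayed falls outside the accepted window, which matches the setup failure described above when you delay too long.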
