If you are managing several AWS accounts for your customers, then remembering all the passwords for these AWS accounts is a very difficult task. In my case I am storing all the passwords in my browser cache. But that is very risky, isn’t it? Anybody can access the accounts when you are not in your seat. AWS provides a facility called “MFA” (Multi-Factor Authentication) to secure the accounts. If MFA is enabled for your account, you have to provide a one-time password along with your user name and password when you log in to the AWS console.

Again, it is very hard to keep a hardware MFA device in your pocket for every account. It’s really very amazing that Amazon released the ability to use Virtual MFA devices like Google Authenticator. In this article I will show how to create a user account with Virtual MFA (Google Authenticator) enabled.
How to add a User Account on the AWS Console:
After logging in to the AWS console, go to the main Dashboard, then click on IAM as shown in the image below.
Then click on “Users” > “Create New User” > enter the User Name > click on “Generate an access key for each user” if you want to provide REST access to the user > Create. Follow the steps as shown in the image below.
Right-click on the user name > click on “Manage Password”, as shown in the image below:
Enter your desired Password and click on “Apply”.
As per the above example, the user “Tapas” should now be able to log in to the AWS console using his username and password.
How to add an MFA device for a user on the AWS console:
After creating the user, we will now enable a Virtual MFA device for the user. Right-click on the user and click on “Manage MFA device”.
Select “A virtual MFA device” and click on “Continue”.
Click “Continue” on the next message screen if you have Google Authenticator installed on your smartphone. Otherwise, install it on your device first.
After installing Google Authenticator on your smartphone, scan the barcode from your monitor screen. Enter two consecutive authentication codes and press “Continue” as shown in the image below.
Now whenever the user tries to log in to the AWS console, it will ask him for a one-time password along with the IAM user name and password. Have fun with your secured console.
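To confirm that the steps above took effect for every user in an account, the IAM credential report can be checked for identities that still sign in without MFA. The script below is an added example, not part of the original article; the sample report, the account ID and every user name other than “Tapas” are constructed, and treating the root row as always having a console password is an assumption.

```python
import csv
import io

# Constructed sample in the layout of an IAM credential report
# (the CSV returned by `aws iam get-credential-report`, base64-decoded).
# Only the columns used below are included; a real report carries more.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,false,false
Tapas,arn:aws:iam::111122223333:user/Tapas,true,true,true,false
build-bot,arn:aws:iam::111122223333:user/build-bot,false,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,false,false,false
"""

NO_MFA = "console password without MFA"
KEY_ACTIVE = "active access key, not protected by console MFA"


def audit_mfa(report_csv):
    """Return (user, finding) pairs for sign-in paths that need no MFA code."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa_active = row["mfa_active"] == "true"
        # Assumption: the root row carries no usable password_enabled
        # value, so root is treated as always able to sign in.
        is_root = user == "<root_account>"
        has_password = is_root or row["password_enabled"] == "true"
        has_key = "true" in (row["access_key_1_active"],
                             row["access_key_2_active"])
        if has_password and not mfa_active:
            findings.append((user, NO_MFA))
        if has_key:
            # The MFA prompt applies to console login; access keys keep
            # working without a code unless policies require MFA.
            findings.append((user, KEY_ACTIVE))
    return findings


if __name__ == "__main__":
    for user, finding in audit_mfa(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

The access key finding applies to users created with “Generate an access key for each user” ticked, since that key is a second way into the account that the console MFA prompt does not cover.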