Ensuring that the root user has Multi-Factor Authentication (MFA) enabled is a critical security best practice in AWS. The root user has full access to all resources and services in an AWS account, and therefore is a prime target for attackers seeking to gain unauthorized access. MFA provides an additional layer of security beyond a password by requiring a second factor, such as a token or mobile device, to verify the user's identity. This makes it much more difficult for attackers to gain unauthorized access, even if they have the root user's password.


To ensure that the root user has MFA enabled, AWS account owners should follow these steps:

  1. Log in to the AWS Management Console as the root user.
  2. Navigate to the IAM dashboard.
  3. Select the "Security Status" tab.
  4. Locate the "Root account MFA" section.
  5. Click the "Manage MFA" button.
  6. Follow the prompts to set up MFA for the root user, either by using a virtual MFA device or a hardware key.

Once MFA is enabled for the root user, it is important to ensure that the MFA device is kept secure and that any changes to the device or phone number associated with it are carefully controlled and monitored.

By ensuring that the root user has MFA enabled, AWS account owners can significantly reduce the risk of unauthorized access to their account and the resources and data it contains.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.