...
- For new accounts, the Cloud Team has enabled MFA for the root account and has escrowed the root account password and multifactor hardware key.
- If MFA for your root AWS account has not been setup.
- Use a physical MFA device and lock it away once enabled and tested.
- Use a physical MFA device and lock it away once enabled and tested.
- Logging into AWS using your root account should now be an exceptional situation, not a daily occurrence.
- Enabling MFA: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_physical.html
- What if the MFA Device is Lost or Stops Working? http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_lost-or-broken.html
...
2. Logging into the AWS Console:
...
Login to AWS Console with Cornell Two-Step Login
3. Police your existing AWS IAM users and, at minimum, remove passwords for those users. Instead, human users should use the above URL and their Cornell credentials for accessing AWS.
...