Next steps after an AWS account has been onboarded by the Cloudification Team
1. Enable multifactor authentication MultiFactorAuthentication (MFA) for your root AWS account. Use a physical MFA device and lock it away once enabled and tested. In many casesaccount:
- For new accounts, the Cloud Team has enabled MFA for the root account and has escrowed the root account password and multifactor hardware key.
- Logging into AWS using your If you manage the root account should now be an exceptional situation, not a daily occurrence, the you must add MFA to the account. Use a physical MFA device and lock it away once enabled and tested.
- What if the MFA Device is Lost or Stops Working? http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_lost-or-broken.html
- Logging into AWS using your root account should now be an exceptional situation, not a daily occurrence.
2. Login to AWS Console with Cornell Two-Step Login2. Start logging into the AWS Console using this URL: http://signin.aws.cucloud.net/. This URL engages Cornell's Shibboleth provider and also uses Cornell's Two-step-login process for AWS administrators. You will now be able to login to AWS using your standard Cornell netid credentials.
3. Police your existing AWS IAM users and, at minimum, remove passwords for those users. Instead, human users should use the above URL and their Cornell credentials for accessing AWS.
...
4. Contact your Cloudification Team liaison or send an email to cloud-support@cornell.edu with any questions.
5. Get connected with the Cornell cloud community.
7. Consider some training: Cloud Services Training