Configuring the Root User for Multi-Factor Authentication


  1. Set up an Amazon Web Services (AWS) Account for a Root User
  2. Set up a Developer Account

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication requires two or more methods of identification to authenticate a user.

For the Root User, one method of authentication is already set up by using the combination of email and password to log on.

A variety of second authentication methods are available from the AWS MFA homepage.

In this example we are using Google Authenticator, which you can download on your phone from Google Play or Apple’s App Store.

Configuring the Root User For MFA

1. Log into the AWS Console as the Root User. On the dropdown menu attached to the Organization name in the top menu bar, choose My Security Credentials.

2. You will get a popup warning stating that you should set up another user with limited permissions. This step has already been completed; choose “Continue to Security Credentials.”

3. Click on Multi-Factor Authentication (MFA), then click Activate MFA.

4. Select the radio button at the top, “Virtual MFA device,” and press the “Continue” button.

5. The popup screen shows several choices; since our app for two-factor authentication is already installed, go to Step 2 and press “Show QR Code.”

6. Open the Google Authenticator app and press the “Begin” button.

7. Press the “Skip” button in the lower left-hand corner to go straight to the setup.

8. On the next screen, choose “Scan a barcode.”

9. You will be asked to give permission to use the camera; choose “Allow.”

10. Point the camera at your computer with the barcode showing, center the square that appears over the barcode, and the app will scan it automatically.

11. You will now see the account added in the Google Authenticator app. Make a note of the code displayed and return to the MFA popup in the AWS console.

12. Enter the code from the authenticator in the MFA Code 1 box, press the Tab key, then return to the authenticator app. The MFA code in the app changes in about 30 seconds; wait for a second code to appear, make a note of it, and enter it in the MFA Code 2 box. Press the “Assign MFA” button.

13. You should see a success message. Press “Close” and log out of the console.
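Why step 12 asks for two codes in a row, shown as an added example (not code from this blog or from AWS): Google Authenticator derives each code from the secret in the QR code and the current 30-second time step (TOTP, RFC 6238), so two consecutive codes show that the app holds the right secret and a usable clock. `verify_enrollment` and its `drift_steps` tolerance are a hypothetical model of the server-side check, and the secret is a constructed RFC test key.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per code; the app shows a new code about every 30 s

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: HOTP where the counter is the number of 30 s steps since 1970."""
    return hotp(secret, unix_time // STEP)

def decode_secret(b32: str) -> bytes:
    """Decode the base32 shared secret that the enrollment QR code carries."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def verify_enrollment(secret, code1, code2, unix_time, drift_steps=1):
    """Hypothetical server check: code1 and code2 must be the codes of two
    consecutive time steps close to the server's clock, in that order."""
    now = unix_time // STEP
    for c in range(max(0, now - drift_steps - 1), now + drift_steps + 1):
        if _same(hotp(secret, c), code1) and _same(hotp(secret, c + 1), code2):
            return True
    return False

# Constructed sample: base32 of the RFC 4226 test key "12345678901234567890".
SAMPLE_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    key = decode_secret(SAMPLE_B32)
    first, second = totp(key, 59), totp(key, 89)   # two consecutive 30 s steps
    print(first, second, verify_enrollment(key, first, second, 89))
```

Because every code is derived from the secret in the QR code, treat the QR code like a password: anyone who captures it can generate the same codes.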

Test Logging In as the Root User with MFA Activated

1. Log into the AWS console with the usual root user email and password credentials and press “Sign In.”

2. A second authentication page will appear where you will enter the MFA code.

3. Open the Google Authenticator app on your phone and make a note of the code.

4. Enter the code in the MFA code box on AWS and press “Submit.”

5. You are now logged into the AWS console. Congratulations! You have successfully configured and tested your root user account for MFA.

In this day and age of increased security threats it is best to be prepared before disaster strikes! For additional information on increased security methods, contact Revolution11 to schedule a consultation today. Learn what systems we have put in place for businesses of every size.
