
Multi-Factor Authentication (MFA)

  • MFA adds a second layer of security to AWS accounts, combining:
    • Something you know (password)
    • Something you have (physical or virtual device)
  • Protects root accounts and IAM users from unauthorized access.

Benefit

  • Even if a password is stolen, the account remains secure because an attacker still lacks the second authentication factor.

MFA Device Options in AWS

Virtual MFA Device

  • Examples: Google Authenticator, Authy (mobile apps)
  • Can store multiple tokens on a single device.

Universal 2nd Factor (U2F) Security Key

  • Example: YubiKey by Yubico
  • A single security key can be used for multiple root and IAM users.

Hardware Key Fob MFA Device

  • Provided by Gemalto (third-party).

Hardware Key Fob MFA Device for AWS GovCloud (US)

  • Provided by SurePassID (third-party).