• Kamalesh Joshi

Enabling MFA (Multi-Factor Authentication) for root user in AWS


If you are here, I assume you have already created a new account in AWS. When you have created a new account in AWS, the email id and password that you had given during account creation are the root user credentials. The root user is the owner of the account, and has complete access to all AWS resources and services in the account.

Anyone having access to the root user credentials get access to everything in the AWS account, including the billing information, which can be very dangerous. Root user can perform any operation on your account, and can cause huge damages. So, you should always enable multi-factor authentication to your root account, as a first step after signing-in to your new AWS account.

In this article, I will go through the steps to enable virtual MFA.

Steps to enable MFA

Step 1:

to your account as root user.

Step 2:

In your AWS console home page, search for "IAM" in "Find Services" search box.

Click "Activate MFA on your root account :

Click "Manage MFA" button, as shown in above screen.

Step 3:

In next page, you will get a list of options, from those click Multi-factor Authentication -> Activate MFA, as shown in below screenshot:

Step 4:

Choose MFA device in the next screen, there are three options for MFA devices, choose virtual MFA device:

Click continue.

Step 5:

  • Install virtual MFA application in your smartphone. Following applications are supported for both Android and iPhone:

Authy, Duo Mobile, LastPass Authenticator, Microsoft Authenticator, Google Authenticator

You can install any of the above applications.

  • Click "Show QR Code", Scan the QR code from your mobile app.

  • Type two consecutive MFA codes:

  • After entering the codes, click "Assign MFA"

  • You will get the message of successfully assigning the MFA:

Now you should see green tick on "Activate MFA on your root account", in the security status (IAM service in step 2 above):


So, the enabling of multi-factor authentication on your AWS root account is complete with above five simple steps. Now you will be asked for MFA code, when you sign-in to your root account.

62 views0 comments