In this video, you will walk through exactly how to implement Multifactor Authentication for your root AWS account. This includes signing into the AWS Web Console, where to enable Multifactor Authentication, and how to set up a virtual MFA device. In this case, I use the Google Authenticator on an iPhone.
- [Voiceover] Now that we understand…the importance of separation of duties,…let's fire up a browser, go into the AWS console,…and see exactly how we enable MFA on the root account.…In order to sign in, I go to the My Account menu…and choose AWS Management Console from the drop down.…As you can see, the only things that we have to provide…to gain access to our account…are an email address and a password.…Upon logging in, we see the AWS web console…in all its glory.…There are so many services to look at…that it's easy to feel somewhat overwhelmed.…
In addition, AWS iterates quickly…and releases new services with some frequency,…so this screen might look a little different…if you're following along in your own account.…Let's focus on the mission at hand:…getting MFA set up for that root account.…In order to do so, in the center column,…I'm going to locate the Security and Identity section,…then click on Identity and Access Management.…This brings me to the IAM dashboard.…As you'll note throughout this course,…AWS often provides signposts within the console…
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor