MFA should be enabled for the 'root' account

iam
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

The root account is the most privileged user in an AWS account. MFA (multi-factor authentication) adds an extra layer of protection on top of a username and password. With MFA enabled, users are prompted for their username, password, and an authentication code from their AWS MFA device when signing in. Datadog recommends using a dedicated non-personal device for setting up virtual MFA for root accounts to minimize risks like device loss or if the device owner leaves the company.

Enabling MFA provides increased security for console access because it requires the authenticating principal to possess a device that emits a time-sensitive key and have knowledge of a credential. Note that the IAM User root account for GovCloud (US) regions does not have console access, so this control is not applicable for GovCloud (US) regions.

Remediation

For instructions on enabling MFA for the root account, refer to Managing MFA for Your AWS Account Root User.

PREVIEWING: brett.blue/embedded-collector-release