官术网_书友最值得收藏!

Enabling MFA on the root account

In order to avoid any kind of issues, the first thing we need to do once we sign up is enable MFA. In case you haven't seen or heard of this before, MFA is a security system that requires more than one method of authentication from independent categories of credentials. These are used to verify the user's identity in order to log in. In practice, once enabled, you will need the password previously set when you signed up in order to login. However, you will also need another code provided from a different source. That second source can be provided through a physical device such as the SafeNet IDProve, which is available at http://amzn.to/2u4K1rR, through an SMS on your phone, or through an application installed on your smartphone. We will use the third option—an application installed on your smartphone, which is completely free:

  1. Go to your App Store, Google Play Store, or App Marketplace and install an application called Google Authenticator (or any other equivalent, such as Authy).
  2. In the AWS Management Console, open the My Security Credentials page in the top-right corner:
  1. If prompted to create and use AWS Identity and Access Management (IAM), users with limited permissions, click on the Continue to Security Credentials button. We will explore the IAM system in Chapter 3Treating Your Infrastructure as Code. Expand the Multi-factor authentication (MFA) section on the page.
  2. Pick virtual MFA and follow the instructions to sync Google authentication with your root account (note that the scan QR code option is the easiest one to pair the device).

From this point on, you will need your password and the token displayed on the MFA application in order to log in as root in the AWS console.

Two general tips for managing your passwords and MFA are as follows:
  • There are a number of good applications to manage passwords, such as 1Password at https://agilebits.com/onepassword or Dashlane at https://www.dashlane.com.
  • For MFA, you can also try using Authy at https://www.authy.com. This works like Google Authenticator but also has a centralized server allowing it to work across multiple devices (including desktop applications), so if you lose your phone, you won't lose access to AWS.

As we have seen earlier, the root account usage should be limited to a bare minimum. So, in order to create virtual servers, configure services, and so on, we will rely on the IAM service which will let us have granular control over permissions for each user.

主站蜘蛛池模板: 错那县| 康定县| 图们市| 廉江市| 措美县| 蒙山县| 扬中市| 恩平市| 嵊州市| 东台市| 江北区| 凌源市| 米脂县| 平远县| 伊宁市| 遂平县| 师宗县| 翼城县| 竹溪县| 罗定市| 漾濞| 化州市| 绿春县| 辉县市| 科技| 余江县| 雷州市| 阿拉善盟| 邹城市| 永顺县| 裕民县| 沧源| 云和县| 普格县| 京山县| 天气| 广丰县| 怀来县| 揭东县| 北辰区| 德格县|