官术网_书友最值得收藏!

Enabling MFA on the root account

In order to avoid any kind of issues, the first thing we need to do once we sign up is enable MFA. In case you haven't seen or heard of this before, MFA is a security system that requires more than one method of authentication from independent categories of credentials. These are used to verify the user's identity in order to log in. In practice, once enabled, you will need the password previously set when you signed up in order to login. However, you will also need another code provided from a different source. That second source can be provided through a physical device such as the SafeNet IDProve, which is available at http://amzn.to/2u4K1rR, through an SMS on your phone, or through an application installed on your smartphone. We will use the third option—an application installed on your smartphone, which is completely free:

  1. Go to your App Store, Google Play Store, or App Marketplace and install an application called Google Authenticator (or any other equivalent, such as Authy).
  2. In the AWS Management Console, open the My Security Credentials page in the top-right corner:
  1. If prompted to create and use AWS Identity and Access Management (IAM), users with limited permissions, click on the Continue to Security Credentials button. We will explore the IAM system in Chapter 3Treating Your Infrastructure as Code. Expand the Multi-factor authentication (MFA) section on the page.
  2. Pick virtual MFA and follow the instructions to sync Google authentication with your root account (note that the scan QR code option is the easiest one to pair the device).

From this point on, you will need your password and the token displayed on the MFA application in order to log in as root in the AWS console.

Two general tips for managing your passwords and MFA are as follows:
  • There are a number of good applications to manage passwords, such as 1Password at https://agilebits.com/onepassword or Dashlane at https://www.dashlane.com.
  • For MFA, you can also try using Authy at https://www.authy.com. This works like Google Authenticator but also has a centralized server allowing it to work across multiple devices (including desktop applications), so if you lose your phone, you won't lose access to AWS.

As we have seen earlier, the root account usage should be limited to a bare minimum. So, in order to create virtual servers, configure services, and so on, we will rely on the IAM service which will let us have granular control over permissions for each user.

主站蜘蛛池模板: 佛冈县| 鄢陵县| 玉门市| 浦江县| 武陟县| 宜君县| 营口市| 长春市| 普兰县| 公安县| 内黄县| 冕宁县| 湖北省| 绿春县| 湘潭县| 大竹县| 新巴尔虎左旗| 宝清县| 凉城县| 明水县| 汝州市| 合肥市| 如东县| 绥中县| 岫岩| 融水| 德江县| 紫云| 大埔区| 庐江县| 滦南县| 腾冲县| 常德市| 新干县| 尖扎县| 阿瓦提县| 通辽市| 梁河县| 建湖县| 原平市| 鄂托克旗|