
Enabling multi-factor authentication on the root account

To avoid any kind of issues, the first thing we need to do once we sign up is enable multi-factor authentication (MFA). In case you haven't seen or heard of it before, MFA is a security system that requires more than one method of authentication, drawn from independent categories of credentials, to verify a user's identity at login. In practice, once it is enabled, logging in to your root account requires the password you set when you signed up plus a code provided by a different source. That second source can be a physical device such as the SafeNet IDProve available on Amazon.com (http://amzn.to/2u4K1rR), an SMS sent to your phone, or an application installed on your smartphone. We will use the third option, which is completely free:

  1. Go to your App Store, Google Play Store, or App Marketplace and install an application called Google Authenticator (or any equivalent, such as Authy).
  2. In the AWS Management Console, in the top-right corner, open the My Security Credentials page:
     1. If prompted for Creating and using AWS IAM users with limited permissions, click on Continue to Security Credentials. (We will explore the IAM system in Chapter 3, Treating Your Infrastructure As Code.) Expand the Multi-factor authentication (MFA) section on the page.
     2. Pick Virtual MFA and follow the instructions to sync Google Authenticator with your root account (note that scanning the QR code is the easiest way to pair the device).

From this point on, you will need your password and the token displayed on the MFA application to log in as root in the AWS console.

Two general tips for managing your passwords and MFA

There are a number of good applications to manage passwords, such as 1Password (https://agilebits.com/onepassword) or Dashlane (https://www.dashlane.com).

For MFA, I really like Authy (https://www.authy.com). It works like Google Authenticator but also has a centralized server allowing it to work across multiple devices (including desktop applications), so if you lose your phone you won't lose access to AWS.

As we saw earlier, use of the root account should be limited to a bare minimum. So, to create virtual servers, configure services, and so on, we will rely on the IAM service, which gives us granular control over the permissions of each user.
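
To confirm that the MFA setup above took effect and that the root account really is being left alone, you can audit the `<root_account>` row of the IAM credential report. The following is an added example, not code from the book: the function name `audit_root`, the 30-day threshold, and the sample report (account ID and dates included) are assumptions made for illustration, and the root access key check goes one step beyond what the text covers.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (columns trimmed
# to the ones checked here; the account ID and dates are made up).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-01T09:12:00+00:00,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-20T08:00:00+00:00,true,false,false
"""


def audit_root(report_csv, now, max_idle_days=30):
    """Return a list of findings for the <root_account> row of the report."""
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        return ["no <root_account> row: report is incomplete"]

    findings = []
    # The step-by-step procedure above should flip this field to "true".
    if root["mfa_active"].lower() != "true":
        findings.append("root has no MFA device")
    # Long-lived root access keys bypass the console MFA prompt entirely.
    for n in ("1", "2"):
        if root.get(f"access_key_{n}_active", "false").lower() == "true":
            findings.append(f"root access key {n} is active")

    # Root logins should be rare; a recent one deserves a look.
    last_used = root["password_last_used"]
    if last_used not in ("no_information", "N/A"):
        when = datetime.fromisoformat(last_used)
        if now - when < timedelta(days=max_idle_days):
            findings.append(f"root console login {(now - when).days} days ago")
    return findings


if __name__ == "__main__":
    now = datetime(2024, 5, 21, tzinfo=timezone.utc)  # fixed for the sample
    for finding in audit_root(SAMPLE_REPORT, now):
        print("FINDING:", finding)
```

A real report can be produced with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, and it carries more columns than the trimmed sample; the function only reads the ones shown.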
