AWScloud~30 mins

Multi-factor authentication setup in AWS - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Multi-factor authentication setup

📖 Scenario: You are setting up a secure AWS environment for a small company. To protect user accounts, you want to enable multi-factor authentication (MFA) for the AWS Identity and Access Management (IAM) users.

🎯 Goal: Configure an IAM user with MFA enabled using AWS CLI commands and JSON policy documents.

📋 What You'll Learn

Create an IAM user named developer

Create a virtual MFA device named dev-mfa-device

Enable MFA for the developer user

Attach a policy that requires MFA for sensitive actions

💡 Why This Matters

🌍 Real World

MFA protects AWS accounts from unauthorized access by requiring a second verification step.

💼 Career

Cloud engineers and security specialists must configure MFA to secure cloud environments.

Progress0 / 4 steps

Create IAM user developer

Use the AWS CLI command to create an IAM user named developer.

AWS

# Use AWS CLI to create IAM user named developer
# Your code here

Need a hint?

Use the aws iam create-user command with the --user-name option.

Create a virtual MFA device named dev-mfa-device

Use the AWS CLI command to create a virtual MFA device named dev-mfa-device.

AWS

aws iam create-user --user-name developer
# Use AWS CLI to create virtual MFA device named dev-mfa-device
# Your code here

Need a hint?

Use aws iam create-virtual-mfa-device with --virtual-mfa-device-name option.

Enable MFA for the developer user

Use the AWS CLI command to enable MFA for the IAM user developer by associating the virtual MFA device dev-mfa-device. Provide two consecutive MFA codes 123456 and 654321 as placeholders.

AWS

aws iam create-user --user-name developer
aws iam create-virtual-mfa-device --virtual-mfa-device-name dev-mfa-device --outfile /tmp/dev-mfa-device.png --bootstrap-method QRCodePNG
# Enable MFA for developer user with dev-mfa-device and two MFA codes
# Your code here

Need a hint?

Use aws iam enable-mfa-device with the correct --user-name, --serial-number, and two authentication codes.

Attach an IAM policy requiring MFA for sensitive actions

Create a JSON policy document named mfa-required-policy.json that denies all actions unless MFA is present. Then attach this policy to the developer user using AWS CLI.

AWS

aws iam create-user --user-name developer
aws iam create-virtual-mfa-device --virtual-mfa-device-name dev-mfa-device --outfile /tmp/dev-mfa-device.png --bootstrap-method QRCodePNG
aws iam enable-mfa-device --user-name developer --serial-number arn:aws:iam::123456789012:mfa/dev-mfa-device --authentication-code1 123456 --authentication-code2 654321
# Create mfa-required-policy.json and attach it to developer user
# Your code here

Need a hint?

Create a JSON file with a policy that denies actions if MFA is not present, then attach it with aws iam put-user-policy.