Open menu

AWS Root User Has Signed In Without MFA

Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!

Start a Free Trial Product features

Risk level: Extreme (act today)

Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected an AWS root account authentication session initiated without using MFA.

This rule resolution is part of the Cloud Conformity Tool

AWS Multi-Factor Authentication (MFA) is a simple yet efficient method of verifying your user identity by requiring an authentication code generated by an MFA device (virtual or physical) on top of your usual access credentials (i.e. email address and password). The MFA device signature adds an extra layer of protection on top of your existing root credentials making your AWS root account virtually impossible to penetrate without the MFA generated passcode.

Cloud Conformity strongly recommends that you use Multi-Factor Authentication every time you sign in to your Amazon Web Services root account in order to secure the access to your AWS resources and adhere to security best practices.


Cloud Conformity RTMA root MFA detection should be an indispensable part in enforcing a strong access security policy for your AWS root account.

Monitoring root access in real-time is crucial for keeping your AWS account safe because the root user has unlimited privileges (i.e. can use any service or component, modify any resource, access any data in your AWS environment) – that's why is important to know when a root authentication request is made without the Multi-Factor Authentication layer.

Having an MFA-protected root account is the best way to protect your AWS resources and services against unauthorized users, as MFA adds extra security to the authentication process by forcing users to enter a unique passcode from an approved authentication device such as Google Authenticator (virtual) or SafeNet IDProve from Gemalto (hardware).


Publication date May 24, 2017