Trend Micro Cloud One™

AWS Root user has signed in without MFA

Last updated: 15 September 2017
Risk level: Extreme (act today)
Rule ID: RTM-002

Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected an AWS root account authentication session initiated without using MFA.

This rule can help you work with the AWS Well-Architected Framework (Security pillar).

This rule resolution is part of the Cloud Conformity Real-Time Threat Monitoring.

AWS Multi-Factor Authentication (MFA) is a simple yet effective method of verifying a user's identity by requiring a one-time authentication code generated by an MFA device (virtual or hardware) in addition to the usual sign-in credentials (for the root user, the account email address and password). The MFA code adds a second factor on top of the root password, so that a leaked, guessed or phished root password alone is not enough to sign in to the account.

Cloud Conformity strongly recommends that you use Multi-Factor Authentication every time you sign in to your Amazon Web Services root account, to secure access to your AWS resources and to adhere to security best practices.

Rationale

Cloud Conformity RTMA root MFA detection should be an indispensable part of enforcing a strong access security policy for your AWS root account.

Monitoring root access in real time is crucial for keeping your AWS account safe because the root user has unlimited privileges (it can use any service or component, modify any resource and access any data in your AWS environment); that is why it is important to know as soon as a root authentication request is made without the Multi-Factor Authentication layer.
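The signal this rule keys on is recorded by AWS CloudTrail: a root sign-in produces a ConsoleLogin event whose userIdentity.type is "Root" and whose additionalEventData.MFAUsed is "Yes" or "No". The following detection logic is an added example, not Cloud Conformity's own RTMA code; it runs over a constructed CloudTrail log (the records, timestamps, account ID and IP addresses are made up for the example) and reports root console sign-ins that were completed without MFA, keeping failed attempts separate because they did not open a session.

```python
import json
from typing import Dict, List

# Constructed sample CloudTrail records for this example (not real log data).
# Field names follow the CloudTrail ConsoleLogin event format: userIdentity.type,
# eventName, additionalEventData.MFAUsed and responseElements.ConsoleLogin.
SAMPLE_TRAIL = json.dumps({"Records": [
    {   # root signed in successfully with only a password -> must be flagged
        "eventTime": "2017-09-15T08:12:41Z", "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com", "sourceIPAddress": "198.51.100.23",
        "userIdentity": {"type": "Root", "accountId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:root"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # root signed in with MFA -> compliant
        "eventTime": "2017-09-15T09:02:10Z", "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com", "sourceIPAddress": "198.51.100.23",
        "userIdentity": {"type": "Root", "accountId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:root"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # an IAM user without MFA -> a different rule's concern, not this one
        "eventTime": "2017-09-15T09:30:00Z", "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.7",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # failed root attempt without MFA -> no session opened, reported separately
        "eventTime": "2017-09-15T22:47:03Z", "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com", "sourceIPAddress": "192.0.2.250",
        "userIdentity": {"type": "Root", "accountId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:root"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Failure"},
    },
]})


def load_records(trail_json: str) -> List[Dict]:
    """Parse a CloudTrail log file body ({"Records": [...]}) into a list of events."""
    return json.loads(trail_json).get("Records", [])


def is_root_console_login(record: Dict) -> bool:
    return (record.get("eventName") == "ConsoleLogin"
            and record.get("userIdentity", {}).get("type") == "Root")


def mfa_used(record: Dict) -> bool:
    # CloudTrail reports "Yes" or "No"; a missing field is treated as "No" so that
    # an unexpected record shape fails closed (gets reported) rather than ignored.
    return record.get("additionalEventData", {}).get("MFAUsed", "No") == "Yes"


def login_succeeded(record: Dict) -> bool:
    return record.get("responseElements", {}).get("ConsoleLogin") == "Success"


def find_root_logins_without_mfa(records: List[Dict], successful_only: bool = True) -> List[Dict]:
    """Return root ConsoleLogin events made without MFA.

    With successful_only=True (the default) only sign-ins that actually opened a
    session are returned, which is what this rule alerts on; pass False to also see
    failed password-only attempts against the root user.
    """
    hits = []
    for record in records:
        if not is_root_console_login(record) or mfa_used(record):
            continue
        if successful_only and not login_succeeded(record):
            continue
        hits.append(record)
    return hits


def describe(record: Dict) -> str:
    outcome = "succeeded" if login_succeeded(record) else "failed"
    return (f"{record.get('eventTime', '?')} root console sign-in from "
            f"{record.get('sourceIPAddress', '?')} without MFA ({outcome})")


# The same predicate expressed as an Amazon EventBridge rule event pattern, so the
# alert fires as the event is delivered instead of on a later log scan (assumption:
# CloudTrail console sign-in events are delivered to EventBridge in the account).
EVENTBRIDGE_RULE_PATTERN = {
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {
        "userIdentity": {"type": ["Root"]},
        "additionalEventData": {"MFAUsed": ["No"]},
    },
}

if __name__ == "__main__":
    for hit in find_root_logins_without_mfa(load_records(SAMPLE_TRAIL), successful_only=False):
        print(describe(hit))
    print(json.dumps(EVENTBRIDGE_RULE_PATTERN, indent=2))
```

The IAM user record is deliberately left unflagged: password-only sign-in by an IAM user is a real finding, but it is a separate rule with a different owner and risk level, and mixing the two would dilute the "root without MFA" alert that warrants immediate action.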

Having an MFA-protected root account is one of the most effective ways to protect your AWS resources and services against unauthorized users, as MFA adds a second factor to the authentication process by requiring a unique passcode from an approved authentication device such as Google Authenticator (virtual) or SafeNet IDProve from Gemalto (hardware).

Publication date May 24, 2017
