Note: Amazon Web Services is moving forward with making multi-factor authentication (MFA) mandatory for some users, and we love to see it.
How to enable multi-factor authentication (MFA) on AWS accounts
The cloud giant said in October that it would start requiring MFA for its customers' most privileged users in 2024.
Indeed, we understand that since May of this year, AWS has gradually required MFA for root users for management accounts in AWS organizations, and this change is still being rolled out.
And as mentioned during its annual re:Inforce security conference this month, starting in July, AWS will begin requiring MFA for stand-alone office root users—those outside AWS organizations—when they log into the AWS Management Console. Again, this will be a gradual rollout, and other types of root users will begin to face this security requirement later this year.
