AWS Will Begin Requiring MFA In 2024 For Customers

AWS is making multi-factor authentication a requirement for root user accounts to sign into the AWS Management Console.


Next year, Amazon Web Services customers signing into the AWS Management Console with a root user account will be required to enable multi-factor authentication to proceed.

“This certainly shows a security-first mindset,” said Michael Soule, national director of enterprise architecture and innovation at AWS partner Sentinel Technologies. “Use of MFA on emergency access accounts has been challenging given their shared nature. However, AWS offers good options to support this change, allowing up to eight MFA devices and supporting FIDO security keys, such as Yubico.”

Beginning in mid-2024, customers signing into the AWS Management Console with the root user of an AWS Organizations account will be required to enable MFA to enter.


The AWS Management Console is a web application comprised of a broad collection of service consoles for managing AWS resources. The console’s home page provides access to each service console and offers a single place to access the information customers need to perform their AWS-related tasks.

Steve Schmidt, vice president of security engineering and chief security officer at Amazon, said the company will expand this program throughout 2024 to additional scenarios—such as standalone accounts outside an organization in AWS Organizations—as AWS releases features that make MFA even easier to adopt and manage at scale.

“Verifying that the most privileged users in AWS are protected with MFA is just the latest step in our commitment to continuously enhance the security posture of AWS customers,” said Schmidt in a blog post today.

Customers who must enable MFA will be notified of the upcoming change through multiple channels, according to AWS, including a prompt when they sign into the console.

‘Security Is Our Top Priority At AWS’

Amazon’s Schmidt said “security is our top priority at AWS.”

“MFA is one of the simplest and most effective ways to enhance account security, offering an additional layer of protection to help prevent unauthorized individuals from gaining access to systems or data,” said Schmidt.

The $85 billion worldwide cloud market share leader has been investing in cloud security, including new products and features as well as new partner programs.

In June, AWS launched a new Cyber Insurance Program that guarantees customers a security insurance quote within two days, tied with massive revenue opportunities for the channel.
The program is aimed at helping AWS customers improve their security posture and get insured as quickly as possible—streamlining the sometimes-painstaking process of getting a customer the cybersecurity insurance it wants or needs.

Sentinel Technologies, a Downers Grove, Ill.-based top security solution provider, said it’s thankful that AWS is consistently striving to improve customers’ security posture. “The AWS teams provide guidance on how to operate securely from their user guides to the well-architected framework,” said Sentinel Technologies’ Soule.

In late 2022, AWS launched support for customers to register up to eight MFA devices per account root user or per IAM user in AWS, creating additional flexibility and resiliency for their MFA strategy.

“While the requirement to enable MFA for root users of Organizations management accounts is coming in 2024, we strongly encourage our customers to get started today by enabling MFA not only for their root users, but for all user types in their environments,” said Amazon’s Schmidt.