Skip to content
AWS SAA

017 iam mfa

Password policy

Minimum length
Require specific character
Allow all users to change their passwords
Require users to change their password after some time
Prevent password re-use

Multi Factor Authentication

= you know (password) + you own (security device)

MFA device options in AWS

Virtual MFA device

  • Support multiple tokens
  • Google Authenticator, Authy

Universal 2nd Factor (U2F) Security Key

  • Support multiple root & IAM users
  • YubiKey

Hardware Key Fob MFA Device

Hardware Key Fob MFA Device for AWS GovCloud