Wednesday, July 15, 2020

Enabling Virtual Multi Factor Authentication on AWS console

Description: To add a layer of security to AWS access, we can set up multi-factor authentication (MFA) for IAM users and the root user. Most virtual MFA apps support creating multiple virtual devices, allowing you to use the same app for multiple AWS accounts or users. However, you can enable only one MFA device per user.


Enable MFA for IAM user (Console): You can enable MFA for an IAM user's console access.
  • Sign in to the AWS Management Console and open the IAM console
  • Select the user and navigate to Security Credentials, then select Assigned MFA Device and choose Manage.
  • Install Google Authenticator on your mobile or other device. Select Virtual MFA device and continue
  • Scan the QR code and enter the MFA code value shown in your application
  • In the Manage MFA Device wizard, in the MFA code 1 box, type the one-time password that currently appears in the virtual MFA device. Wait up to 30 seconds for the device to generate a new one-time password. Then type the second one-time password into the MFA code 2 box. Choose Assign MFA.

Once you choose Assign MFA, you will get a confirmation message.

  • Virtual MFA is ready to use. When you try to log in as the IAM user, it will ask for the MFA password


Enable Virtual MFA for Root User
  • Sign in to your AWS Management Console
  • On the right side of the navigation bar, choose your account name, and choose My Security Credentials. If necessary, choose Continue to Security Credentials. Then expand the Multi-Factor Authentication (MFA) section on the page.
  • Select MFA and click on Activate MFA
  • Select Virtual MFA and set it up the same way as for the IAM user
  • Scan the QR code and enter the MFA code
  • Choose Assign MFA and Finish
