Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected an AWS root account authentication session initiated without using MFA.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Real-Time Threat Monitoring
AWS Multi-Factor Authentication (MFA) is a simple yet efficient method of verifying your user identity by requiring an authentication code generated by an MFA device (virtual or physical) on top of your usual access credentials (i.e. email address and password). The MFA device signature adds an extra layer of protection on top of your existing root credentials making your AWS root account virtually impossible to penetrate without the MFA generated passcode.
Cloud Conformity strongly recommends that you use Multi-Factor Authentication every time you sign in to your Amazon Web Services root account in order to secure the access to your AWS resources and adhere to security best practices.
Cloud Conformity RTMA root MFA detection should be an indispensable part in enforcing a strong access security policy for your AWS root account.
Monitoring root access in real-time is crucial for keeping your AWS account safe because the root user has unlimited privileges (i.e. can use any service or component, modify any resource, access any data in your AWS environment) – that's why is important to know when a root authentication request is made without the Multi-Factor Authentication layer.
Having an MFA-protected root account is the best way to protect your AWS resources and services against unauthorized users, as MFA adds extra security to the authentication process by forcing users to enter a unique passcode from an approved authentication device such as Google Authenticator (virtual) or SafeNet IDProve from Gemalto (hardware).
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
AWS Root user has signed in without MFA
Risk level: Extreme