Using Multi-Factor Authentication (MFA) Devices with AWS

For increased security, we recommend that you protect your AWS resources by configuring AWS Multi-Factor Authentication (MFA). MFA adds extra security by requiring users to enter a unique authentication code from their authentication device when accessing AWS websites or services.

For MFA to work, you must assign an MFA device (hardware or virtual) to the IAM user or root account. The MFA device must be unique for each user; a user cannot enter a code from another user's device to authenticate.

To get started setting up an MFA device for root account or IAM user access to the console, see Setting Up an MFA Device.

To set up MFA-protected API access for IAM users with an enabled MFA device, see Configuring MFA-Protected API Access.