Enable IAM Users to manage their MFA settings – AWS How-To-Guide

As an administrator, you can configure credentials (access keys, passwords, signing certificates, and SSH public keys) and MFA devices for your IAM users. This is acceptable when you have a few users to set up and configure who need access to your AWS Account. However, when you need to create and manage hundreds of users, then it becomes a very time-consuming task for a single administrator to perform.

In this video, we demonstrate how you can enable your IAM Users to log in to the AWS Management Console, access the My Security Credentials page, and then manage their own IAM security features such as change passwords, rotate access keys, and more importantly set up and configure their own Multi-Factor Authentication. More specifically, your users may require access to various AWS services and resources. In this video, we look at how to allow users access to those services, but only if they have configured MFA and logged in with Multi-Factor Authentication. Unless your IAM Users configure MFA for their IAM accounts, they will not be allowed to access any AWS Service and the only task they can perform without being authenticated with Multi-Factor Authentication is to first set up MFA.

This video demonstrates a sample IAM Policy that prevents your IAM users from being able to carry out any tasks in your AWS Account unless they have set up and authenticated with an MFA device. The only task they can perform if not authenticated with Multi-Factor Authentication is to set up MFA. You can access the sample policy document in our GitHub repository at
https://github.com/iaasacademy/aws-how-to-guide/tree/main/Enable%20IAM%20Users%20to%20setup%20MFA

At the IaaS Academy, we deliver On-Demand Training programs and Practice Exams for AWS Certifications.