AWS IAM documentation change
Summary
Clarified MFA enforcement applies specifically to root users of AWS Organizations member accounts
Security assessment
Change strengthens documentation about MFA requirements but does not address a specific security vulnerability
Diff
diff --git a/IAM/latest/UserGuide/enable-mfa-for-root.md b/IAM/latest/UserGuide/enable-mfa-for-root.md index 12bd92084..b5e5ee914 100644 --- a//IAM/latest/UserGuide/enable-mfa-for-root.md +++ b//IAM/latest/UserGuide/enable-mfa-for-root.md @@ -13 +13 @@ Multi-factor authentication (MFA) is a simple and effective mechanism to enhance -Starting May 2024, all root users are required to enable MFA during their next sign-in if MFA is not already enabled. Users can postpone MFA registration for up to 35 days by skipping the prompt. After 35 days, enabling MFA becomes mandatory to proceed with sign-in and to access the AWS Management Console. For member accounts, MFA setup is currently optional, but enforcement is planned for Spring 2025, +Starting May 2024, all root users are required to enable MFA during their next sign-in if MFA is not already enabled. Users can postpone MFA registration for up to 35 days by skipping the prompt. After 35 days, enabling MFA becomes mandatory to proceed with sign-in and to access the AWS Management Console. For root users of AWS Organizations member accounts, MFA registration is currently optional, but enforcement is planned for Spring 2025.