AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-04-03 · Documentation low

File: IAM/latest/UserGuide/enable-mfa-for-root.md

Summary

Clarified MFA enforcement applies specifically to root users of AWS Organizations member accounts

Security assessment

Change strengthens documentation about MFA requirements but does not address a specific security vulnerability

Diff

diff --git a/IAM/latest/UserGuide/enable-mfa-for-root.md b/IAM/latest/UserGuide/enable-mfa-for-root.md
index 12bd92084..b5e5ee914 100644
--- a//IAM/latest/UserGuide/enable-mfa-for-root.md
+++ b//IAM/latest/UserGuide/enable-mfa-for-root.md
@@ -13 +13 @@ Multi-factor authentication (MFA) is a simple and effective mechanism to enhance
-Starting May 2024, all root users are required to enable MFA during their next sign-in if MFA is not already enabled. Users can postpone MFA registration for up to 35 days by skipping the prompt. After 35 days, enabling MFA becomes mandatory to proceed with sign-in and to access the AWS Management Console. For member accounts, MFA setup is currently optional, but enforcement is planned for Spring 2025,
+Starting May 2024, all root users are required to enable MFA during their next sign-in if MFA is not already enabled. Users can postpone MFA registration for up to 35 days by skipping the prompt. After 35 days, enabling MFA becomes mandatory to proceed with sign-in and to access the AWS Management Console. For root users of AWS Organizations member accounts, MFA registration is currently optional, but enforcement is planned for Spring 2025.