AWS IAM high security documentation change
Summary
Updated MFA requirements to mandate root user MFA for all account types within 35 days
Security assessment
Expands mandatory MFA requirements for root users as a security best practice
Diff
diff --git a/IAM/latest/UserGuide/gs-identities-mfa.md b/IAM/latest/UserGuide/gs-identities-mfa.md index e7895618c..7a2f79aaa 100644 --- a//IAM/latest/UserGuide/gs-identities-mfa.md +++ b//IAM/latest/UserGuide/gs-identities-mfa.md @@ -11 +11 @@ Using multi-factor authentication (MFA) with your identities is another IAM best -Starting May 2024, all root users are required to enable MFA during their next sign-in if MFA is not already enabled. Users can postpone MFA registration for up to 35 days by skipping the prompt. After 35 days, enabling MFA becomes mandatory to proceed with sign-in and to access the AWS Management Console. For member accounts, MFA setup is currently optional, but enforcement is planned for Spring 2025. +All AWS account types (standalone, management, and members accounts) require MFA to be configured for their root user. Users must register MFA within 35 days of their first sign-in attempt to access the AWS Management Console if MFA is not already enabled.