AWS Security ChangesHomeSearch

AWS IAM high security documentation change

Service: IAM · 2025-04-16 · Security-related high

File: IAM/latest/UserGuide/gs-identities-mfa.md

Summary

Updated MFA requirements to mandate root user MFA for all account types within 35 days

Security assessment

Expands mandatory MFA requirements for root users as a security best practice

Diff

diff --git a/IAM/latest/UserGuide/gs-identities-mfa.md b/IAM/latest/UserGuide/gs-identities-mfa.md
index e7895618c..7a2f79aaa 100644
--- a//IAM/latest/UserGuide/gs-identities-mfa.md
+++ b//IAM/latest/UserGuide/gs-identities-mfa.md
@@ -11 +11 @@ Using multi-factor authentication (MFA) with your identities is another IAM best
-Starting May 2024, all root users are required to enable MFA during their next sign-in if MFA is not already enabled. Users can postpone MFA registration for up to 35 days by skipping the prompt. After 35 days, enabling MFA becomes mandatory to proceed with sign-in and to access the AWS Management Console. For member accounts, MFA setup is currently optional, but enforcement is planned for Spring 2025.
+All AWS account types (standalone, management, and members accounts) require MFA to be configured for their root user. Users must register MFA within 35 days of their first sign-in attempt to access the AWS Management Console if MFA is not already enabled.