The use of Multi-Factor Authentication, or MFA, to access your Amazon Web Services management console is a best practice strategy. We currently use MFA for all Managed Services clients at 2nd Watch. Several Sr. Cloud Engineers recently updated their virtual MFA devices and had to rebuild their MFA associations. This task can be daunting if performed after the fact. Since the virtual Google Authenticator doesn’t have a supported export / import feature, we highly recommend the following before a device upgrade.
- For each AWS account, deactivate the current MFA virtual device. To perform this task, log in to your AWS account using the Management Console, https://console.aws.amazon.com/
- Once logged in, navigate to the Security Credentials page under My Account / Console in the upper right corner of the Management Console, https://portal.aws.amazon.com/gp/aws/securityCredentials
- About halfway down the page is the Sign-In Credentials section where the AWS Multi-Factor Authentication is displayed. This is where you should deactivate your current virtual device.
- Log out and log back into your AWS Management Console to verify that the MFA has been successfully removed. (Important Step)
- You are now ready to activate your new virtual MFA device.
It is important to follow these steps prior to sanitizing your old device. If you fail to deactivate your old device, you will need to contact AWS Support for a manual removal of your MFA device. This can be time-consuming and, at times, the appropriate security authorization is hard to deliver.
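When one device holds MFA for many accounts, the "verify before you sanitize" step can also be checked from each account's IAM credential report. The following is an added example, not part of the original post: it parses the report CSV and blocks the wipe if any listed identity still shows `mfa_active` as true or cannot be found. The account label, user names and sample report are constructed; the function names are hypothetical.

```python
import csv
import io

# Constructed sample: a trimmed IAM credential report (real reports carry more columns).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,mfa_active
<root_account>,arn:aws:iam::111111111111:root,2013-01-01T00:00:00+00:00,not_supported,false
alice,arn:aws:iam::111111111111:user/alice,2014-02-01T00:00:00+00:00,true,true
bob,arn:aws:iam::111111111111:user/bob,2014-03-01T00:00:00+00:00,true,false
"""

def mfa_status(report_csv, identities):
    """Map each identity to 'active', 'inactive' or 'missing' using the report's mfa_active column."""
    rows = {r["user"]: r for r in csv.DictReader(io.StringIO(report_csv))}
    status = {}
    for name in identities:
        row = rows.get(name)
        if row is None:
            status[name] = "missing"      # unknown state: treat as a blocker
        elif row.get("mfa_active", "").strip().lower() == "true":
            status[name] = "active"       # old device is still associated
        else:
            status[name] = "inactive"
    return status

def safe_to_wipe(reports, identities_by_account):
    """reports: {account_label: csv_text}. Returns (ok, blockers); ok only if every identity is inactive."""
    blockers = []
    for account, identities in identities_by_account.items():
        report = reports.get(account)
        if report is None:
            blockers.append((account, "*", "no report"))
            continue
        for name, state in mfa_status(report, identities).items():
            if state != "inactive":
                blockers.append((account, name, state))
    return (not blockers, blockers)

if __name__ == "__main__":
    ok, blockers = safe_to_wipe({"prod": SAMPLE_REPORT},
                                {"prod": ["<root_account>", "alice", "carol"]})
    print("safe to sanitize old device:", ok)
    for account, name, state in blockers:
        print(f"  {account}: {name} -> {state}")
```

AWS regenerates the credential report at most once every four hours, so a report created before the deactivation will still show the old state.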