
I am somewhat of an AWS/IAM noob, and I need to require all my users to use MFA in AWS IAM, but I am unable to find the setting to require that. If I follow a lot of the instructions I’m finding, it only walks me through setting it up on my own phone, not allowing my users to set it up. I did find these instructions, but when I go to my IAM Identity Center Console, there is no left nav with a Settings option, and I can’t find this Configure multi-factor authentication page.

In the current IAM, where do I go to find this Users can add and manage their own MFA devices setting? Or, is there a different place to do it now?

2 Answers


  1. Chosen as BEST ANSWER

    I was able to get this to work by creating the policy specified in the AWS docs and assigning it to the users.


  2. To allow MFA-authenticated IAM users to manage their own MFA devices, you need to create and attach a specific IAM policy. This policy should allow users to perform MFA-related actions on their own IAM user resources. Here’s how to do it:

    Add Policy to Allow MFA-Authenticated Users to Manage Their Own MFA

    1. Open the IAM Console:

      • Go to the AWS Management Console and open the IAM console at IAM Console.
    2. Create a New Policy:

      • In the navigation pane, choose Policies.
      • Choose Create policy.
      • On the Create Policy page, switch to the JSON tab.
    3. Add the Policy JSON:
      • Refer to the official AWS document below for the JSON policy:
        https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage-mfa-only.html

    4. Review and Create Policy:

      • Choose Review policy.
      • Provide a name and description for the policy, e.g., ManageOwnMFA.
      • Choose Create policy.

    Attach the Policy to Users or Groups

    1. Navigate to Users or Groups:

      • In the IAM console navigation pane, choose Users or Groups.
      • Select the user or group to which you want to attach the policy.
    2. Attach the Policy:

      • Choose the Permissions tab.
      • Choose Add permissions.
      • Select Attach policies directly.
      • Search for the policy you created (ManageOwnMFA), select it, and choose Next: Review.
      • Choose Add permissions.

    Verify Policy Effectiveness

    1. Sign in as the User:

      • Have the user sign in to the AWS Management Console.
    2. Navigate to My Security Credentials:

      • The user should click on their username in the navigation bar and select My Security Credentials.
    3. Manage MFA Devices:

      • Under Multi-factor authentication (MFA), the user should be able to manage their MFA devices, including adding, enabling, and deleting their own MFA devices.
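As an added example (not code from either answer or from AWS), the block below builds the self-manage-MFA policy the second answer links to and runs a small, simplified model of IAM's evaluation logic over it, so you can see what a user can and cannot do before and after they enrol an MFA device. The policy document is modelled on the linked AWS example; copy the live AWS page for the authoritative JSON. The evaluator only models the features this policy uses (explicit deny beats allow, Action/NotAction, wildcard resources, the `${aws:username}` variable and the `BoolIfExists` condition) and is not the real IAM engine. `create_and_attach` takes any object exposing boto3's `create_policy` and `attach_user_policy` calls; `FakeIAM` is a constructed offline stand-in, and the account id 123456789012 and user names are constructed sample values.

```python
"""Self-manage-MFA IAM policy plus a simplified model of IAM evaluation.
Added example, not from the original post; policy modelled on the AWS
example policy (copy the live AWS document for the authoritative JSON)."""
import json
from fnmatch import fnmatchcase

OWN_USER = "arn:aws:iam::*:user/${aws:username}"


def self_manage_mfa_policy() -> dict:
    """Return the policy document as a dict (json.dumps it for IAM)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowListActions", "Effect": "Allow",
             "Action": ["iam:ListUsers", "iam:ListVirtualMFADevices"],
             "Resource": "*"},
            {"Sid": "AllowUserToCreateVirtualMFADevice", "Effect": "Allow",
             "Action": ["iam:CreateVirtualMFADevice"],
             "Resource": "arn:aws:iam::*:mfa/*"},
            {"Sid": "AllowUserToManageOwnMFA", "Effect": "Allow",
             "Action": ["iam:DeactivateMFADevice", "iam:EnableMFADevice",
                        "iam:GetMFADevice", "iam:ListMFADevices",
                        "iam:ResyncMFADevice"],
             "Resource": OWN_USER},
            # Everything not listed is denied until the session carries MFA.
            # BoolIfExists also fires when the key is absent, which is the
            # case for plain long-term access keys used outside a session.
            {"Sid": "DenyAllExceptListedIfNoMFA", "Effect": "Deny",
             "NotAction": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice",
                           "iam:GetUser", "iam:GetMFADevice",
                           "iam:ListMFADevices", "iam:ListVirtualMFADevices",
                           "iam:ResyncMFADevice", "sts:GetSessionToken"],
             "Resource": "*",
             "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
        ],
    }


def _as_list(v):
    return [v] if isinstance(v, str) else list(v)


def _matches(patterns, value):
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, ctx):
    """Only the BoolIfExists operator is modelled; anything else raises."""
    for op, pairs in (condition or {}).items():
        if op != "BoolIfExists":
            raise NotImplementedError(op)
        for key, want in pairs.items():
            # "IfExists": a missing key makes the comparison succeed.
            if key in ctx and str(ctx[key]).lower() != str(want).lower():
                return False
    return True


def evaluate(policy, action, resource, username, mfa=None):
    """Decide one request. mfa is "true", "false" (session without MFA)
    or None (key absent, e.g. a request signed with plain access keys)."""
    ctx = {} if mfa is None else {"aws:MultiFactorAuthPresent": mfa}
    allowed = False
    for stmt in policy["Statement"]:
        resources = [r.replace("${aws:username}", username)
                     for r in _as_list(stmt["Resource"])]
        if not _matches(resources, resource):
            continue
        if "Action" in stmt:
            hit = _matches(stmt["Action"], action)
        else:
            hit = not _matches(stmt["NotAction"], action)
        if not hit or not _condition_holds(stmt.get("Condition"), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit-deny"  # an explicit deny always wins
        allowed = True
    return "allow" if allowed else "implicit-deny"


def create_and_attach(iam, policy_name, user_name):
    """Create the managed policy and attach it to one user. `iam` is any
    object with boto3's IAM create_policy/attach_user_policy methods
    (boto3.client("iam") for real, FakeIAM below when offline)."""
    resp = iam.create_policy(PolicyName=policy_name,
                             PolicyDocument=json.dumps(self_manage_mfa_policy()))
    arn = resp["Policy"]["Arn"]
    iam.attach_user_policy(UserName=user_name, PolicyArn=arn)
    return arn


class FakeIAM:
    """Constructed offline stand-in for the two boto3 calls used above."""
    def __init__(self):
        self.attached = []

    def create_policy(self, PolicyName, PolicyDocument):
        json.loads(PolicyDocument)  # the document must at least be valid JSON
        return {"Policy": {"Arn": f"arn:aws:iam::123456789012:policy/{PolicyName}"}}

    def attach_user_policy(self, UserName, PolicyArn):
        self.attached.append((UserName, PolicyArn))


if __name__ == "__main__":
    p = self_manage_mfa_policy()
    alice = "arn:aws:iam::123456789012:user/alice"
    print(evaluate(p, "iam:EnableMFADevice", alice, "alice", mfa="false"))  # allow
    print(evaluate(p, "s3:ListAllMyBuckets", "*", "alice", mfa="false"))    # explicit-deny
    print(evaluate(p, "s3:ListAllMyBuckets", "*", "alice", mfa="true"))     # implicit-deny
    print(create_and_attach(FakeIAM(), "ManageOwnMFA", "alice"))
```

Two points the simulation makes visible: with MFA present the deny statement simply stops applying, but this policy grants nothing else, so a user's other permissions still come from their other policies; and `iam:DeactivateMFADevice` is deliberately left out of the `NotAction` list, so a user can enrol a device without MFA but cannot remove one until they authenticate with it.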