As an administrator, you can configure credentials (access keys, passwords, signing certificates, and SSH public keys) and MFA devices for your IAM users.  This is acceptable when you have a few users to set up and configure who need access to your AWS Account.  However, when you need to create and manage hundreds of users, then it becomes a very time-consuming task for a single administrator to perform.

In this video, we demonstrate how you can enable your IAM Users to log in to the AWS Management Console, access the My Security Credentials page, and then manage their own IAM security features such as change passwords, rotate access keys, and more importantly set up and configure their own Multi-Factor Authentication.  More specifically, your users may require access to various AWS services and resources.  In this video, we look at how to allow users access to those services, but only if they have configured MFA and logged in with Multi-Factor Authentication.  Unless your IAM Users configure MFA for their IAM accounts, they will not be allowed to access any AWS Service and the only task they can perform without being authenticated with Multi-Factor Authentication is to first set up MFA.

This video demonstrates a sample IAM Policy that prevents your IAM users from being able to carry out any tasks in your AWS Account unless they have set up and authenticated with an MFA device.  The only task they can perform if not authenticated with Multi-Factor Authentication is to set up MFA. You can access the sample policy document in our GitHub repository at
https://github.com/iaasacademy/aws-how-to-guide/tree/main/Enable%20IAM%20Users%20to%20setup%20MFA

At the IaaS Academy, we deliver On-Demand Training programs and Practice Exams for AWS Certifications.

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.

Privacy Settings saved!
Privacy Settings

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.

These cookies are necessary for the website to function and cannot be switched off in our systems.

In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

We use WooCommerce as a shopping system. For cart and order processing 2 cookies will be stored. This cookies are strictly necessary and can not be turned off.
  • woocommerce_cart_hash
  • woocommerce_items_in_cart

Decline all Services
Accept all Services