루트 계정 보호하기 (필수)

~~Your~~최근 ~~root~~클라우드 ~~user~~환경에서 ~~(the~~계정의 ~~email~~OTP ~~you~~설정은 ~~used~~필수로 to자리 ~~register~~매김하고 ~~the~~있습니다. ~~AWS~~유명연예인들의 ~~account)~~아이폰, is안드로이드의 ~~very~~클라우드 ~~powerful~~계정 ~~and~~탈취 ~~grants~~사건 ~~unlimited~~등 ~~access~~해커들의 to계정 ~~your~~탈취 ~~account~~수법은 ~~and~~날로 ~~resources.~~발전해가고 ~~The~~있습니다. ~~CIS~~이와 ~~AWS~~같은 ~~Foundations~~계정 ~~Security~~탈취를 ~~Benchmark~~방어하기 ~~Controls~~위한 OTP 설정은 필수입니다. 5분만 투자하면 OTP 설정을 통해 계정을 더 안전하게 보호할 수 있습니다. 데모와 함께 따라해보세요!

~~Perform all other actions using IAM Users or other IAM identities. Click~~ ~~here~~

~~for more information.~~

~~This section will show you how to:~~

~~Configure MFA for your Root user~~ ~~Delete your Root Account access keys~~

Controls Implemented in this Section

~~ACCT.02 - Restrict use of the root user~~

~~ACCT.05 - Require Multi-Factor Authentication (MFA) to log in~~

Workshop Steps

Delete root account access keys

~~Since root user access keys grant unlimited programmatic access to your account and its resources. You should delete them to secure your account.~~

~~Sign in to the~~ ~~AWS Console~~

~~as the root user by choosing Root user and entering your AWS account email address.~~

~~Log in as root user~~

~~Click on your username on the top right and select~~ ~~Security Credentials~~.

~~Access Security Credentials~~

~~On the~~ ~~Your Security Credentials~~ ~~page, select~~ ~~Access keys (access key ID and secret access key)~~ ~~to expand it.~~ ~~If you have any access keys, select~~ ~~Delete~~.

~~Delete access keys~~

~~Select~~ ~~Deactivate~~ ~~and fill in the key name and select~~ ~~Delete~~ ~~to delete the key.~~

Multi-Factor Authentication (MFA) is a vital mechanism to improve your account security. With MFA set up, a malicious actor will face another challenge to access your account even if they manage to get your root email and password.

~~Ideally, the token and the password should be held by~~ ~~two different people~~~~. This will prevent any single person from using the root account.~~

~~Download an authentication application app to your phone if you don't have any other MFA device. For this workshop, we will be using Twilio Authy -~~ ~~iOS~~

| ~~Android~~

~~Use your AWS account email address and password to sign in as the AWS account root user to the~~ ~~IAM console~~

~~On the right side of the navigation bar, click your account name, and click~~ ~~My Security Credentials~~~~. If necessary, click~~ ~~Continue to Security Credentials~~.

~~Access Security Credentials~~

~~Then expand the Multi-Factor Authentication (MFA) section on the page.~~ ~~Click~~ ~~Activate MFA~~.

~~In the wizard, select~~ ~~Virtual MFA device~~ ~~device and then click~~ ~~Continue~~.

~~On the~~ ~~Set up virtual MFA device window~~ ~~click~~ ~~Show QR code~~.

~~Click on the plus button on Twilio Authy app and scan the QR Code.~~

~~Click on~~ ~~"+"~~ ~~button on Twilio Authy to scan QR code~~

~~If you cannot scan the code, tap~~ ~~cancel~~ ~~on Twilio Authy. Select~~ ~~Enter key manually~~ ~~on the bottom of the screen. Click on~~ ~~Show Secret Key~~ ~~on the AWS MFA set up wizard. Type the key manually into Twilio Authy.~~

~~You can set a password to store this securely on Authy or tap~~ ~~Skip~~ ~~if you choose not to. Tap~~ ~~save~~.

~~The device starts generating six-digit numbers.~~

~~6-digit authentication number generated on Twilio Authy~~

Return to the Manage MFA Device wizard. In the MFA Code 1 box, type the six-digit number that’s currently displayed by the MFA device. Wait up to 30 seconds for the device to generate a new number, and then type the new six-digit number into the Authentication Code 2 box. Click ~~Assign MFA~~

~~Enter 2 consecutive MFA codes to authenticate~~

Important: Submit your request immediately after generating the codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device is out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device.

Test your new MFA setting

~~Open a~~ ~~separate browser~~ ~~and~~ ~~stay logged in to your account on the original browser.~~ ~~Try logging into your root account at the~~ ~~AWS console~~

~~Sign in using a separate browser~~

~~You should need the MFA code to log in.~~ ~~If MFA doesn’t work, return to the previous browser where you are still logged in and try to configure MFA again.~~

~~For more information please read the~~ ~~AWS User Guide~~

What you accomplished

~~By implementing this control, you have successfully~~

~~Configured MFA for your Root user~~ ~~Deleted your Root Account access keys~~