HackerTrans
TopNewTrendsCommentsPastAskShowJobs

AWS pre:Invent 2022 – interesting announcements so far leading up to re:Invent(steampipe.io)

25 points·by ynwa1994·vor 4 Jahren·4 comments
steampipe.io
AWS pre:Invent 2022 – interesting announcements so far leading up to re:Invent

https://steampipe.io/blog/pre-invent-2022

4 comments

chromatin·vor 4 Jahren
> AWS Identity and Access Management (IAM) now supports multiple multi-factor authentication (MFA) devices for root account users and IAM users in your AWS accounts. This provides additional flexibility and resiliency in your security strategy by enabling more than one authentication device per user. You can choose from one or more types of hardware and virtual devices supported by IAM.

*YES!!!*
bob-bot·vor 4 Jahren
My last company we used only virtual MFA as it was easier to manage with a remote team. For Root MFA, could easily enforce a 2 group action through a password manager, one group to obtain the password, the other to get the TOTP.

Before having the ability to apply both HW and Virtual tokens per user, what did you do? only use HW devices? Or just Virtual?

What use cases do you have now for both at the same time?
chromatin·vor 4 Jahren
I am currently using only virtual. With IAM supporting only a single MFA per account, it created a huge risk to involve a HW token that could be lost.

I am transitioning many of my accounts (not just AWS) to hardware tokens and away from TOTP, but it is important to have > 1 token enrolled in case of loss.
bob-bot·vor 4 Jahren
Yea good point, nice to have backup just incase. Thanks for sharing