1. Log in to each account as root user via AWS Console.
2. Click the Next button once the root user email address is entered.
3. You will be redirected to enter the password field as the first user to access to this account as root user, click on "Forgot password?" to redirect to password reset screen.
4. Enter the characters shown in the image below and click Send email. An email with password change link for the root user will be sent.
5. Check your email and change the password.
6. Log in with the new credentials for each respective account to access the AWS Console.
7. To enable MFA on your AWS accounts, go to IAM (Identity and Access Management) page by typing in the search services field.
8. In IAM service page, under Security status, click the "Activate MFA on your root account".
9. Click the Manage MFA button.
10. Click the Continue to Security Credentials button.
11. Click Multi-factor authentication (MFA) and click Activate MFA button.
12. Select your preferred type of MFA device to assign.
13. As example above, launch your Google Authenticator App and click the (+) on the top right hand side to add a new account.
14. Select Scan Barcode to scan QR Code.
15. Click on ‘Show QR code’ and point your phone camera to the QR code. This will add the account into Google Authenticator. You will start to see 6 digit codes appear and change every 30 seconds.
15. click on “Show secret key” and save the key in a very safe place. Since Google Authenticator does not back up itself, all MFAs would be lost in case you lose or damage your phone.
16. Your Multi-factor authentication on your root aws account is now complete and ready to use.
The next time you log into your AWS console, you will be prompted to enter an MFA code.
Go back into your Google Authenticator App on your phone, and type in the 6 digits that appear.
Credits:
Claison Amorim