Root Account MFA Enabled

• Rule: root-account-mfa-enabled

Assignment

Check if the AWS root user has MFA enabled. Add it to become compliant.

✅ Step 1: Setting Up the AWS Config Rule

To begin, we navigated to the AWS Config console to add a rule that checks whether Multi-Factor Authentication (MFA) is enabled on the root account — a key security best practice.

Here’s how we set it up:

• We opened the AWS Config console.
• Clicked on Rules in the left-hand menu and selected “Add Rule.”
• Searched for and selected the rule named root-account-mfa-enables from the list.
• Left all configuration settings as default and clicked “Add Rule” to complete the setup.

This added the rule to our AWS Config dashboard for ongoing evaluation

                                         **Screenshot showing the creation of the root-account-mfa-enabled rule**

                                                                     **Successful creation of the rule**

Step 2: Checking Compliance Status

Once the rule was active:

• We opened the rule details from the AWS Config Rules list.
• AWS Config immediately evaluated the state of the root user.