AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관

AWS IAM Identity Center -- Identity Source MFA

0

After enabling AWS IAM Identity Center in our primary account for our organization, and intending to change the identity source to an external one for use with Google Workspace, I was presented with a bullet list of consequences to changing the identity source. The main one that struck me was bullet #2:

IAM Identity Center will delete your current multi-factor authentication (MFA) configuration.

It is unclear what this is referring to exactly, and I was unable to find any clarification in the documentation for AWS IAM Identity Center.

Is this only supposed to affect a given identity source if we had one set up already? (In this case, we didn't) Or would it affect existing IAM users in the primary account? Or would it affect the root user of the primary account?

Thank you for any clarification that can be provided.

질문됨 일 년 전504회 조회
1개 답변
2
수락된 답변

We believe that even if MFA is disabled in the AWS IAM identity center, the root user's MFA will not be disabled.
https://docs.aws.amazon.com/accounts/latest/reference/root-user-vs-iam.html

As stated in this document, I thought it was separated from the IAM identity center as it states that the root user's MFA only affects the root user.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html

You can enable MFA for the AWS account root user and IAM users. When you enable MFA for the root user, it affects only the root user credentials.

profile picture
전문가
답변함 일 년 전
profile picture
전문가
검토됨 6달 전
profile picture
전문가
검토됨 8달 전
  • Thank you for your answer. This was confirmed by creating a completely separate AWS account and testing it there. After changing the Identity Source, the root user's MFA and the MFA of existing IAM users were all unaffected.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인