By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to validate the Trusted Advisor MFA on Root Account List?

0

Hi Team, One of my customer has 90 sub-accounts which are not root accounts but is being highlighted in the Trusted Advisor MFA on Root not enabled report. How do we verify or validate these sub-accounts which don't really need an MFA and they are all tied up to a single payerid which has MFA enabled.

Topics
Management & Governance
Tags
AWS Trusted Advisor
Language
English
AWS
AWS-User-5845938
asked 6 months ago169 views
1 Answer
0

Every AWS account has a root user. This will be why it’s being reported. True when you create an account in an org there is no password but an email address is required. The way to log into the account is to perform a password recovery.

Usual to satisfy the AWS control each account would require an MFA device adding to root.

Aws CONFIG and backed with security hub will also provide the same insight if configured across the org.

profile picture
EXPERT
Gary Mclean
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content