1
00:00:07,730 --> 00:00:13,110
Welcome back to Backspace Academy. In this lab on multi-factor authentication

2
00:00:13,110 --> 00:00:20,490
we're going to be implementing MFA on the root user access and that is very

3
00:00:20,490 --> 00:00:25,949
important because if you have an IAM user compromised you can quite simply

4
00:00:25,949 --> 00:00:32,250
delete that IAM user but if you have your root access compromised then you

5
00:00:32,250 --> 00:00:36,120
just won't have access at all and it will create a lot of problems if you

6
00:00:36,120 --> 00:00:39,510
actually have your root user access compromised so it's vitally important

7
00:00:39,510 --> 00:00:44,190
that you set up multi-factor authentication on root user so the first

8
00:00:44,190 --> 00:00:48,450
thing we need to do is we need to download Authy so you go to authy.com

9
00:00:48,450 --> 00:00:52,260
in the downloads section now there's a number of options for downloading you

10
00:00:52,260 --> 00:00:57,930
can use any of these you can download it onto your mobile application for iOS

11
00:00:57,930 --> 00:01:04,379
or Android there's a desktop application as well for Mac and Windows

12
00:01:04,379 --> 00:01:08,159
if you're going to select the 64-bit Windows make sure you're running 64-bit

13
00:01:08,159 --> 00:01:13,710
Windows otherwise we're going to have a problem and for Linux you should be able

14
00:01:13,710 --> 00:01:20,369
to use Authy in your Chrome browser, so you should go use it with Chromium

15
00:01:20,369 --> 00:01:25,680
I guess, I haven't tried that myself but that should work for Linux users so

16
00:01:25,680 --> 00:01:29,610
download those I'd probably recommend you download both the desktop and the

17
00:01:29,610 --> 00:01:34,290
mobile application because it's good to have both in case one goes a bit haywire

18
00:01:34,290 --> 00:01:39,930
you've always got the other one as a backup, okay so once you've got Authy

19
00:01:39,930 --> 00:01:44,700
downloaded just run the desktop app and set up your account so you need to put

20
00:01:44,700 --> 00:01:48,140
in your country code and your phone number in there and then click on next

21
00:01:48,140 --> 00:01:52,590
ok so once you've put in your phone number details if you used a landline

22
00:01:52,590 --> 00:01:58,140
number you'll have to select phone call otherwise you can select SMS if you've

23
00:01:58,140 --> 00:02:01,649
already set up Authy and you've already been using Authy in the past you

24
00:02:01,649 --> 00:02:05,909
can use your existing device to do that but just click on probably SMS you'll be

25
00:02:05,909 --> 00:02:12,510
using a mobile or phone call to verify your account, ok so once we've got

26
00:02:12,510 --> 00:02:16,050
Authy set up then we can go back into the IAM management

27
00:02:16,050 --> 00:02:21,209
console, we'll go to the dashboard and you can see here on the security status

28
00:02:21,209 --> 00:02:27,150
we've got a warning here that's saying activate MFA on your root account so we

29
00:02:27,150 --> 00:02:33,120
click the drop down there and we can manage MFA so we're going to be using a

30
00:02:33,120 --> 00:02:37,440
virtual MFA device which is what Authy is it's a software application it's not

31
00:02:37,440 --> 00:02:41,459
a hardware device and next steps and it's telling us to download and install

32
00:02:41,459 --> 00:02:48,690
an MFA compatible application which is what Authy is so next step, okay so if

33
00:02:48,690 --> 00:02:53,310
we're using the mobile application we can open it up and in the top right hand

34
00:02:53,310 --> 00:02:57,600
corner there there'll be a drop down menu and what you can select

35
00:02:57,600 --> 00:03:02,790
add account and then scan a QR code and when you scan that, that will

36
00:03:02,790 --> 00:03:10,470
automatically add the AWS account to your virtual MFA device if you're using

37
00:03:10,470 --> 00:03:16,110
the Authy desktop app you need to just cut and paste the actual key in there

38
00:03:16,110 --> 00:03:18,930
and which is what I'm going to do now so just double click on that and copy it

39
00:03:18,930 --> 00:03:24,450
and I'll copy that into Authy so what I do is I click on the plus sign for Authy

40
00:03:24,450 --> 00:03:34,620
here and I'll just open that up here and I put that key in there now and I click

41
00:03:34,620 --> 00:03:39,390
on Add Account so what it's going to do now and you don't have these options for

42
00:03:39,390 --> 00:03:42,320
the mobile application it just automatically just puts it in for you

43
00:03:42,320 --> 00:03:45,810
but what you can do is you can select whatever you want here so you'd be

44
00:03:45,810 --> 00:03:49,860
scroll down you can see the icon for Amazon Web Services so just put that on

45
00:03:49,860 --> 00:03:58,110
there and give your account a name as well, so I'm just going to call mine

46
00:03:58,110 --> 00:04:02,610
Backspace Labs, make sure you don't call yours Backspace Labs call yours whatever

47
00:04:02,610 --> 00:04:09,739
something different other than Backspace and click on save, okay so there we have

48
00:04:09,739 --> 00:04:16,049
created for us our account has been set up for multi-factor authentication

49
00:04:16,049 --> 00:04:20,370
on Authy, so what we need to do now is get this number here this eight one

50
00:04:20,370 --> 00:04:24,289
seven five one nine and put it into here

51
00:04:25,930 --> 00:04:30,530
okay and then we just go in your wait a while for it to change so it's now

52
00:04:30,530 --> 00:04:36,229
changed so we just put the second one in there now okay so once we've got those

53
00:04:36,229 --> 00:04:42,050
two authentication codes we can click on activate virtual MFA device so there we

54
00:04:42,050 --> 00:04:45,740
have the MFA device has been successfully associated with your

55
00:04:45,740 --> 00:04:50,680
account so if we now refresh the console

56
00:04:51,039 --> 00:04:56,479
and we can see there that we've got activate MFA on our root account has got

57
00:04:56,479 --> 00:04:59,960
a big green tick to it, so we've already done that so next time we log into our

58
00:04:59,960 --> 00:05:05,300
MFA root accounts what will happen is that we'll put in our username and

59
00:05:05,300 --> 00:05:10,159
password and there will be a second process where we have to put in this

60
00:05:10,159 --> 00:05:16,669
number or this code from Authy. So that brings us to the end of the MFA lab

61
00:05:16,669 --> 00:05:22,039
and make sure that you go and download the lab notes and follow this through

62
00:05:22,039 --> 00:05:26,409
quite carefully because it's very important to set that up.