AWS Identity and Access Management (IAM) announces MFA protection for cross-account access

Posted on: Feb 27, 2014

We are excited to announce support for multi-factor authentication (MFA) protection for cross-account access.

MFA is a security best practice that adds an extra layer of protection to your AWS account. It requires users to present two independent credentials: what the user knows (password or secret access key) and what the user has (MFA device). IAM already supports adding MFA protection when you grant access to users within a single AWS account. With today’s announcement, you can add similar protection when granting access to users across accounts, by requiring them to authenticate with MFA before assuming an IAM role.

For more information, visit the Configuring MFA-Protected API Access section in the Using IAM guide.