Severity: Critical
Description: Ensures a This control ensures multi-factor authentication device is enabled for the root account. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device.
Remediation Steps:
To configure and enable a virtual MFA device for use with your root user:
...
Changes in account credentials may take up to 4 hours to get reflected in the AWS IAM evaluations. The time taken depends on when the last credential report was fetched by the Cloud View service and the time when changes were made in AWS IAM
Important:
Changes in account credentials may take up to 4 hours to get reflected in the AWS IAM evaluations
Reference:
CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #1.5
...
Using AWS CLI:
# aws iam create-virtual-mfa-device --virtual-mfa-device-name <Name device> --outfile <path> --bootstrap-method <method>
For command usage refer: https://docs.aws.amazon.com/cli/latest/reference/iam/create-virtual-mfa-device.html
...