IA-2 (2) The information system implements multifactor authentication for network access to non-privileged accounts.
AWS Multi-Factor Authentication (AWS MFA) provides an extra level of security that customer agencies apply to their AWS environment. Customer agencies can enable AWS MFA for their account and for individual users they have created under their account. With AWS MFA enabled a user that signs into the FedCloud Console will be prompted for their username and password, as well as for an authentication code from their MFA device. Taken together, these multiple factors provide increased security for customer agencies’ AWS account settings and resources.
Virtual EC2 instances are completely controlled by the customer agency. Customers have full root access or administrative control over accounts, services, and applications. AWS does not have any access rights to customer instances and cannot log into the guest OS.
AWS recommends a base set of security best practices to include disabling password-only access to their servers, and utilizing multi-factor authentication to gain access to their instances (or at a minimum certificate-based SSH Version 2 access)
Data.gov implements the use of multifactor Authentication (MFA) to add an extra layer of security for login access to its GitHub Repository and Slack for all 18F users. With MFA enabled, all Data.gov users are prompted for a username and password, as well as the authentication code from their MFA device.