Establish Multi-Factor Authentication to AWS users

[JasonEb]

Overview

As developers and infrastructure engineers, we would like to establish Multi-Factor Authentication(MFA) to our AWS account for new users.

Currently, no MFA is enforced except for those who opted in. We would like to improve our security by enforcing MFA and creating a Ops wiki guide to demonstrate how to use MFA.

Action Items

• [ ] Determine intial MFA requirements (ask the people on the ground what an ideal continuity plan looks like) and do a writeup.
  • [ ] present the write-up with the Ops CoP
• [ ] Explore AWS and 1 Password MFA options
• [ ] Make a written recommendation on how to manage MFA on the AWS IAM side
• [ ] Get sign off
• [ ] Create MFA Usage guide
  • may have to create an additional Templates/Guides issue for this item

Resources/Instructions

Resources

[chelseybeck]

We should re-create this as a new issue in the devops-security repo where this is added via terraform configuration...perhaps also separate into two issues - one for creating the guide and one for adding permissions & policy enforcements

[chelseybeck]

@samuelusc volunteered to rewrite this issue specific to Terraform

[sudhara]

Is this issue okay as-is or does it need to be rewritten, now that we are using Infrastructure as code for incubator vs GUI interface?