Skip navigation
A cloudscape, overlaid with a color filter of Duo green
Industry News

Duo MFA for AWS: Secure Your Cloud Journey

Cisco’s Duo Security, the leading zero-trust security platform for access control, in partnership with AWS, a leader in cloud infrastructure and services, offers comprehensive access control solutions to secure organizations’ cloud deployments in AWS.

Introducing Duo MFA for AWS Directory Services

Duo was the first provider to pioneer an automated way to add robust two-factor authentication and flexible security policies to Amazon Web Services (AWS), complete with inline self-service enrollment and Duo Prompt.

As an AWS advanced technology partner, Duo is committed to providing secure multi-factor authentication solution (MFA) for all AWS services, applications, and infrastructure. MFA is one of the strongest security controls available for secure access and forms the foundation for zero-trust security architecture. This ongoing collaboration between Duo and AWS focuses on deep technical integrations, simplifying the deployment and use of Duo services on AWS.

The Deployment Guide walks you through how to set up MFA for AWS directory services (managed AD and AD connector).

Duo MFA for AWS benefits:

  • Easily verify user identity from anywhere, from any device, with the Duo Mobile app.

  • Create and manage granular security policies at the app or group level.

  • Configure access to various AWS services like AWS console, Workspaces, Workmail, Workdocs, Chime, and more with one deployment.

  • Adhere to best practices and compliance with Cybersecurity Maturity Model Certification (CMMC).

  • Reduce deployment complexities and boost operational efficiencies, with deployment tested and supported by AWS and Duo.

Is MFA necessary for AWS?

To safeguard your sensitive data, implementing MFA in AWS environments is more than a recommendation; it is a necessity. MFA helps ensure that access to cloud resources is granted only after multiple forms of user verification, reducing your risk of unauthorized access, phishing, and malware attacks.

Cloud adoption has become a central tenant for IT modernization for enterprises and SMBs alike. It has been years since cloud storage took its first steps, and now, it has matured to the extent that 92% of surveyed organizations report using more than two public cloud providers. Hybrid and multicloud are the norm now—and so is storing sensitive data in the cloud.

While cloud computing provides a number of benefits such as lower costs, faster deployment, scalability, a more robust system, and CapEx-free computing—security is still the biggest challenge for most CIOs when they shift their applications and data to the cloud.

Cloud providers like AWS normally have dedicated cybersecurity measures in place and go to great lengths to protect their platforms' infrastructure, networks, servers, and customers. However, they are not a managed-security provider for customers. It is the customer’s responsibility to protect their data, applications, and user access, as highlighted in the shared security model for AWS customers. And that’s why so many AWS users are turning to Duo MFA to secure user access to their AWS applications.

How does MFA for AWS work?

Enabling MFA on your AWS account unlocks a powerful layer of protection that keeps your applications and data even safer. MFA works for AWS by requiring two forms of identity verification: something users know (your usual username and password) and something they have (an MFA device or biometric authenticator), like a unique authentication code from the Duo Mobile app.

MFA as an added layer of security makes it significantly more difficult for unauthorized individuals to access AWS accounts and resources, as gaining access requires both the standard credentials and the unique MFA code, which only the legitimate user can provide.

How do I enable MFA for all users in AWS?

Enabling Duo MFA for AWS is a straightforward process that enhances the security of your account by adding a second layer of authentication. The entire deployment process in AWS to enable MFA for all users in your organization typically takes around 45 minutes. Here's how you can get started:

  1. Get a Duo license. First, sign up for a Duo license that suits your needs. You can explore various editions and pricing options at Duo's pricing page.

  2. Access your AWS account. If you’re new to AWS, you’ll need to create an account first, which you can do at AWS's website.

  3. Launch Duo in AWS. Once logged in to AWS, you're ready to launch the Duo MFA solution. Before creating your stack, select an AWS Region from the top toolbar in the AWS console. You have two choices for deployment:

  4. Verify your Duo deployment. After deploying Duo MFA, confirm that the integration is functioning as intended.

  5. Customize your setup. If you have specific needs or requirements, you can modify and customize your Duo MFA implementation. This step is optional but can be beneficial for tailoring the setup to your organization's unique environment.

For specific set up instructions, follow the Partner Solution Deployment Guide for Cisco Duo MFA on AWS.

Zero trust security is essential in the perimeterless world of the cloud

Though the traditional network perimeter-based security model is a key part of overall security architecture, it is not sufficient alone in the cloud era as there are no network boundaries that can safely achieve implicit trust. Adopting a zero trust posture of “trust no one” prevents all users and devices from access until the access request is verified for trustworthiness is most suitable for cloud.

Explore how Duo works with Amazon Web Services

Duo is committed to securing cloud deployments for its customers. Duo's MFA solution is the beginning of many more integrations and deployment solutions for AWS. To learn more about Duo’s partnership with AWS, visit

Let us know what you think about this Deployment Guide and also send us your suggestions regarding integrations you desire. You can reach us at