MFA can be enabled by the root user or an IAM user with the necessary permissions. While the root user has full access to all resources and settings by default, including MFA settings, IAM users must be granted permissions explicitly through IAM policies to manage MFA devices. Therefore, it's not accurate that the root user is the only one who can enable MFA; IAM users can also do so if properly authorized.
Learn More
AI Generated Content may display inaccurate information, always double-check anything important.