Setting up MFA with SNS and Java

Rimpi Mathur | Technical Architect

 

To provide better security and avoid unauthorized access to your applications, you should enable multi-factor authentication (MFA). This blog explains how to set up MFA using AWS APIs and services.

What is MFA?

With identity theft and cybercrime on the rise, multi-factor authentication (MFA) is a good way to improve your account security. MFA adds an additional layer of identity validation along with the basic login credentials. It is a unique number that is valid for a short duration of time and is sent to a device of your choice. This number is typically sent to an email address or cell phone number, but it can also be accessed using a specialty app.

Technology

We will be using the following technologies to achieve our goal.

  • • AWS SNS API
  • • Java 1.8 or higher
  • • Eclipse or any other IDE
  • • Maven for code build

 

First, let’s look at sending MFA using the AWS admin console.

Sending text message to cell phone using Amazon Simple Notification Service

  • • AWS Console Settings

  1.  Under “Simple Notification Service,” click on Test Messaging (SMS).
  2.  Make sure your account is not in the SMS sandbox; in sandbox mode, you can send a maximum of 10 text messages. Submit a request for Service Limit Increase. This normally takes a day to be approved by AWS.
  3.  From the console, purchase an origination number. This is a 10-digit toll-free number that will be used for sending out messages. This number is assigned by AWS.
  4.  To send a message from the console click on “Publish Text Message.”
  5. Enter all the information in each box.

Publish SMS message, DetailsDestination phone numberCountry-specific attributes, Entity ID, Template IDNow that we know how to send an MFA code from the console, let’s integrate this into our code.

We will see how we can send the MFA code post-login from our codebase.

Generate MFA code using Java

There are many ways of creating a  6-digit number. One of the simplest ways is to use the Random() method in Java.

  • • Code for sending messages using SNS.

 

    1. We will import six packages that are required for defining the settings in AWS.

com.amazonaws.regions.Regions;

com.amazonaws.services.sns.AmazonSNSAsync;

com.amazonaws.services.sns.AmazonSNSAsyncClientBuilder;

com.amazonaws.services.sns.model.MessageAttributeValue;

com.amazonaws.services.sns.model.PublishRequest;

com.amazonaws.services.sns.model.PublishResult;

    1. Sample code for creating a text message.

There are three AWS attributes that need to be set: region, maximum cost, and SMS type.

public void sendSMS(String message, String phoneNumber) {

 

// Initializes the message, phone number, aws attributes, and sends the code.

 

try {

PublishResult result = initSnsClient()
     .publish(new PublishRequest()
.withMessage(message)
.withPhoneNumber(phoneNumber)
.withMessageAttributes(initSmsAttributes()));

} catch (Exception e)

}

// The AWS region you will use for sending text messages; this region should be the same region that you moved to production mode (from sandbox) in the initial setting from AWS console.

 

private AmazonSNSAsync initSnsClient() {

AmazonSNSAsync snsClient =  AmazonSNSAsyncClientBuilder.standard()

.withRegion(Regions.US_EAST_2).build();

return snsClient;

}

// Sets the max price for sending each text message.

 

private Map<String, MessageAttributeValue> initSmsAttributes() {

if(smsAttributes == null) {

smsAttributes = new HashMap<String, MessageAttributeValue>();

smsAttributes.put(“AWS.SNS.SMS.MaxPrice”, new MessageAttributeValue()

.withStringValue(“0.10″))

.withDataType(“Number”));

 

// Sets the type to Promotional (non-critical) or Transactional (message sent with high priority).

 

smsAttributes.put(“AWS.SNS.SMS.SMSType”, new MessageAttributeValue()

.withStringValue(“Transactional “))

.withDataType(“String”));

}

return smsAttributes;

}

      1. This code can easily be called from any other class for sending the text message.
      • • Sending MFA code using E-mail

An e-mail can be sent using the helper class JmsTemplate

 

private void addMessageToQueue(final Email email) {

try {

    jmsTemplate.send(new MessageCreator() {

@Override

public Message createMessage(Session session) throws JMSException {

return session.createObjectMessage(email);

}

});

}

catch (Exception e) {

throw e;

}

}

}

Contact us for more help setting up MFA with SNS and Java!