In the left navigation pane, select Users and then choose the name of the user for whom you want to enable a YubiKey.You can order a YubiKey security key using or other retailers.įollow these steps to enable a YubiKey security key for your IAM user:
To follow along, you must have a YubiKey security key that you want to associate with your IAM user. Enabling a YubiKey security key as MFA device for IAM users For more information, please review Supported Configurations for Using U2F Security Keys. Also, the AWS Console Mobile App and mobile browsers do not currently support YubiKey security as MFA for AWS. Note: You can enable a YubiKey security key as MFA device for your root users from the Security Credentials page by following a similar setup process. I then demonstrate how to sign into the AWS Management Console as an IAM user using the YubiKey security key as your MFA device. In this post, I demonstrate how to enable a YubiKey for your IAM users in the IAM console. Now, you can use your existing key to authenticate to other third-party applications, such as GitHub or Dropbox, to sign in to the AWS Management Console. You can also enable a single key for multiple IAM and root users across AWS accounts, making it easier to manage your MFA device for access to multiple users. AWS allows you to enable a YubiKey security key as the MFA device for your IAM users.
YubiKey security keys use Universal 2nd Factor (U2F), an open authentication standard that enables users to easily and securely access multiple online services using a single security key, without needing to install drivers or client software. Now you can enable a YubiKey security key (manufactured by Yubico, a third party provider) as your users’ MFA device. When MFA is enabled, AWS prompts users for their username and password (the first factor – what they know) and also provides an authentication challenge such as one-time passcode (OTP) to their MFA device (the second factor – what they have). Starting October 8, 2018, you can now enable other U2F security keys as an MFA device for your root and IAM users.ĪWS Identity and Access Management (IAM) best practice is to require all IAM and root users in your account to sign into the AWS Management Console with multi-factor authentication (MFA).
Update on October 8, 2018: After we launched support for security devices manufactured by Yubico on September 25, 2018, we received feedback from customers to support other U2F security key providers, as well. April 25, 2023: We’ve updated this blog post to include more security learning resources.
0 kommentar(er)
