AWS Multi-Factor Authentication

AWS Multi-Factor Authentication (AWS MFA) is an additional layer of security that offers enhanced control over your AWS account settings. It is an opt-in account feature that requires a valid six-digit, single-use code from an authentication device in your physical possession in addition to your standard AWS account credentials before access is granted to your AWS account settings.

AWS MFA uses an authentication device that continually generates random, six-digit authentication codes solely for your use. Once you enable AWS MFA, every time somebody tries to sign in to your secure pages on the AWS Portal or AWS Management Console, access will only be granted after the correct Amazon email-id and password (the first “factor”: something you know) and the precise code from your authentication device (the second “factor”: something you have) are provided. This multi-factor authentication provides even greater protection for your AWS account, including extra protection of sensitive information such as your AWS access identifiers and critical actions such as changing your AWS infrastructure service subscriptions. AWS MFA extends this protection to the AWS Management Console so that your AWS resources, such as Amazon Elastic Compute Cloud (Amazon EC2) instances or Amazon CloudFront distributions, cannot be modified without multi-factor authentication. You can also use AWS MFA in conjunction with Amazon S3’s Versioning capability for additional protection of your Amazon S3 stored versions.

It is easy to obtain an authentication device from a participating third-party provider and to set it up for use via the AWS website.

Quick Start:

1. Purchase Device
Get an authentication device compatible with AWS MFA from Gemalto, a third-party provider

2. Enable AWS MFA
Opt in to AWS MFA by activating your Gemalto Ezio device

3. Use AWS MFA
Sign in to AWS using your password and authentication code


AWS MFA is designed to be:

  • Secure – Provides an additional, opt-in layer of security.
  • Simple – Easy to obtain your authentication device, enable it, and begin using it with your AWS account.
  • Cost Effective – Once you purchase your authentication device, there is no fee for using AWS MFA.




You can enable AWS MFA with three easy steps:
1. Purchase Device: get an authentication device compatible with AWS MFA
2. Enable AWS MFA: opt in to the feature by activating your authentication device
3. Use AWS MFA: sign in to AWS using your password and authentication code

Get additional information about Amazon Multi-Factor Authentication by viewing the AWS MFA FAQs.



Purchase Device


You can currently obtain authentication devices compatible with AWS MFA from Gemalto, a world leader in digital security.

Gemalto currently offers the Ezio* Time Token hardware device — compact, lightweight, and designed to be carried as a key fob. It is based on the OATH standard for Time-based One-Time Passwords. Click on the button below to obtain your device from the Gemalto website.

Purchase device from Gemalto

*Ezio is a registered trademark of Gemalto, Inc.



Enable AWS MFA

Once you have your compatible authentication device, simply click on the corresponding button below to activate it with AWS.

Enable AWS Multi-Factor Authentication with Gemalto Ezio



Use AWS MFA

Once you enable AWS MFA, every time somebody tries to sign in to your secure pages on the AWS Portal or AWS Management Console, access will only be granted after the correct Amazon email-id and password are provided on the “Amazon Web Services Sign In” page and the precise code from your authentication device is provided on the following “Sign In With Authentication Code” page.

Sign-In Instructions

Amazon Web Services Sign In page:

  • Enter the email address associated with your account
    example: yourname@email.com
  • In the password field, enter your existing password.
    example: secret

Sign In With Authentication Code page:

  • Enter your six-digit authentication code
    example: 123456









©2010, Amazon Web Services LLC or its affiliates. All rights reserved.