Posted On: Sep 25, 2018

Now, you can allow easy authentication for your users by enabling YubiKey security key as your users’ MFA device. You can enable a single YubiKey security key (manufactured by Yubico, a third party provider) for multiple IAM and root users across AWS accounts making it easier to manage your MFA devices for access to multiple users. You can also use your existing YubiKey, which you use to authenticate to other third-party applications such as GitHub or Dropbox, to sign in to the AWS Management Console

You can enable YubiKey as MFA for your IAM users using the IAM console and for your root users using the Security Credentials page. When you enable YubiKey as MFA, AWS prompts you for your username and password (the first factor – what you know) and also provides an authentication challenge to your YubiKey (the second factor – what you have) when you sign in to the AWS Management Console. You can successfully complete the authentication challenge by simply touching the button or gold disk on your YubiKey. For more information on how to enable and sign in using YubiKey, please read Use YubiKey security key to sign into AWS Management Console with YubiKey for multi-factor authentication.

AWS support for YubiKey as a MFA device is available in US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Mumbai), EU (London), EU (Frankfurt), EU (Ireland), EU (Paris), and South America (São Paulo) public AWS regions.