AWS Multi-party approval now requires one-time password verification for voting
AWS Multi-party approval now requires approvers to verify their voting actions with a one-time password (OTP) sent to their registered AWS IAM Identity Center email address. This additional security layer prevents AWS IAM Identity Center administrators from bypassing multi-party approval controls by impersonating approvers through credential resets or authentication endpoint modifications. When approvers access the Approval Portal and attempt to cast their vote on protected operations, the system generates a six-digit verification code and sends it to their email. Approvers enter this code within 10 minutes to complete their vote, with up to three attempts allowed.
The OTP verification process activates only when approvers submit their vote decision, so they can review all approval request details before verification is required. If approvers don't receive the email or the code expires, they can request a new code through the interface.
AWS Multi-party approval with OTP verification for voting is available at no additional charge in all AWS Regions where Multi-party approval is offered. To learn more, visit the AWS Multi-party approval documentation.