HowTo: Use the Google Authenticator as a virtual MFA Device on the Amazon AWS Console

Amazon has supported the use of a hardware based MFA device. But the issue we have had as a firm that deals with many Amazon accounts, carrying 14 or more devices is just not practical.

Hardware-MFA

So it was really awesome to see that Amazon released the ability to use virtual MFA Devices like the Google Authenticator. This is available for Android, Blackberry and the iPhone. Here is the iTunes link.

Using-Google-Authenticator-with-Amazon-AWS

And it is really easy to setup. The following installation assumes you are using an iPhone, but I presume the other device steps are similar.

Note that I did use a one time test account so don’t bother trying to use any of the codes, or QR scans below!

Step 1. Create an IAM user (or if you already have one skip down to Step 2.)

Step-1a-Create-an-IAM-user-(or-if-you-already-have-one-skip-down-to-Step-2)

… Set the User Name

Step-1b-Set-the-User-Name

… Download the Credentials for the user

Step-1c-Download-the-Credentials-for-the-user

… Assign the MFA to the User

Right click on the User

  1. Set the password if the user doesnt have one yet. Then go on to managing the MFA
  2. Select Manage MFA

Step-2a-Assign-the-MFA-to-the-User

… Select ‘Virtual Device’

Step-2b-Select-Virtual-Device

… Read the Notice, and continue on to the QR Code Step-2c-Read-the-Notice,-and-continue-on-to-the-QR-Code

… On your iPhone: Add the Account Name and Scan the QR Code

Make sure the ‘Time Based’ Token is selected.

Step-2d-On-your-iPhone-Add-the-Account-Name-and-Scan-the-QR-Code

… Enter two consecutive authentication codes

Step-2e-Enter-two-consecutive-authentication-codes

… First Code on the Phone

  1. The first code, and
  2. Wait for it to change up

First-Code-on-the-Phone

… Second Code on the Phone

Second-Code-on-the-Phone

Step 3. Test

Login to AWS using the userid and password (make sure you set a password using IAM)

Step-3a-Test

…Get the Code from the Phone Step-3b-Get-the-Code-from-the-Phone

… Enter the Code

Step-3c--Enter-the-Code

And you are in using Multi-Factor Authentication! And-you-are-in-using-Multi-Factor-Authentication!!


Comments

comments powered by Disqus