HowTo: Use the Google Authenticator as a virtual MFA Device on the Amazon AWS Console

Amazon has supported the use of a hardware based MFA device. But the issue we have had as a firm that deals with many Amazon accounts, carrying 14 or more devices is just not practical.


So it was really awesome to see that Amazon released the ability to use virtual MFA Devices like the Google Authenticator. This is available for Android, Blackberry and the iPhone. Here is the iTunes link.


And it is really easy to setup. The following installation assumes you are using an iPhone, but I presume the other device steps are similar.

Note that I did use a one time test account so don’t bother trying to use any of the codes, or QR scans below!

Step 1. Create an IAM user (or if you already have one skip down to Step 2.)


… Set the User Name


… Download the Credentials for the user


… Assign the MFA to the User

Right click on the User

  1. Set the password if the user doesnt have one yet. Then go on to managing the MFA
  2. Select Manage MFA


… Select ‘Virtual Device’


… Read the Notice, and continue on to the QR Code Step-2c-Read-the-Notice,-and-continue-on-to-the-QR-Code

… On your iPhone: Add the Account Name and Scan the QR Code

Make sure the ‘Time Based’ Token is selected.


… Enter two consecutive authentication codes


… First Code on the Phone

  1. The first code, and
  2. Wait for it to change up


… Second Code on the Phone


Step 3. Test

Login to AWS using the userid and password (make sure you set a password using IAM)


…Get the Code from the Phone Step-3b-Get-the-Code-from-the-Phone

… Enter the Code


And you are in using Multi-Factor Authentication! And-you-are-in-using-Multi-Factor-Authentication!!


comments powered by Disqus