Amazon has supported the use of a hardware based MFA device. But the issue we have had as a firm that deals with many Amazon accounts, carrying 14 or more devices is just not practical.
So it was really awesome to see that Amazon released the ability to use virtual MFA Devices like the Google Authenticator. This is available for Android, Blackberry and the iPhone. Here is the iTunes link.
And it is really easy to setup. The following installation assumes you are using an iPhone, but I presume the other device steps are similar.
Note that I did use a one time test account so don’t bother trying to use any of the codes, or QR scans below!
Step 1. Create an IAM user (or if you already have one skip down to Step 2.)
… Set the User Name
… Download the Credentials for the user
… Assign the MFA to the User
Right click on the User
- Set the password if the user doesnt have one yet. Then go on to managing the MFA
- Select Manage MFA
… Select ‘Virtual Device’
… Read the Notice, and continue on to the QR Code
… On your iPhone: Add the Account Name and Scan the QR Code
Make sure the ‘Time Based’ Token is selected.
… Enter two consecutive authentication codes
… First Code on the Phone
- The first code, and
- Wait for it to change up
… Second Code on the Phone
Step 3. Test
Login to AWS using the userid and password (make sure you set a password using IAM)
…Get the Code from the Phone
… Enter the Code
And you are in using Multi-Factor Authentication!