Amazon Web Services announces support for FIDO2 security keys

Amazon recently announced improved support for using FIDO2 security keys as an MFA device to log on to the Amazon Web Services (AWS) console. As a result, FIDO2 security keys like the YubiKey are now supported on AWS GovCloud (US region) – providing phishing-resistant MFA for all users. 

Additionally, AWS has improved their support for device attestation in all regions – including supporting IAM policies that can be used to enforce enrollment with FIPS-certified or FIDO Alliance-certified devices. The YubiKey 5 FIPS series, which are both FIPS 140-2 validated and FIDO Level 2 certified, provide the highest level of security and compliance needs.

This news means that however you access the AWS console – either via a root account, an IAM user, commercial or government cloud, a desktop or a supported mobile platform – you can secure your access with an easy-to-use, phishing-resistant FIDO2 security key. AWS even supports enrolling a FIDO2 credential on behalf of another user for organizations that need extra control over their AWS console credentials.

If you have a YubiKey and an AWS account in a standard AWS region, we recommend registering an additional YubiKey today (accounts in standard regions support up to 8 MFA devices per user). AWS GovCloud currently only supports a single MFA device per user, but we anticipate support for multiple security keys in the future as this is provided in standard AWS regions today.

——

To order a YubiKey today, visit Yubico’s store or purchase from Amazon.com and protect your AWS access with phishing-resistant MFA. Find out which YubiKeys are right for you and your business, check out our quiz here

Talk to our teamTalk to our team

Share this article:


  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST