Amazon recently announced improved support for using FIDO2 security keys as an MFA device to log on to the Amazon Web Services (AWS) console. As a result, FIDO2 security keys like the YubiKey are now supported on AWS GovCloud (US region) – providing phishing-resistant MFA for all users.
Additionally, AWS has improved its support for device attestation in all regions, including support for IAM policies that can be used to enforce enrollment with FIPS-certified or FIDO Alliance-certified devices. The YubiKey 5 FIPS series, which is both FIPS 140-2 validated and FIDO Level 2 certified, provides the highest level of security and meets compliance needs.
This news means that however you access the AWS console – either via a root account, an IAM user, commercial or government cloud, a desktop or a supported mobile platform – you can secure your access with an easy-to-use, phishing-resistant FIDO2 security key. AWS even supports enrolling a FIDO2 credential on behalf of another user for organizations that need extra control over their AWS console credentials.
If you have a YubiKey and an AWS account in a standard AWS region, we recommend registering an additional YubiKey today (accounts in standard regions support up to 8 MFA devices per user). AWS GovCloud currently supports only a single MFA device per user, but we anticipate support for multiple security keys in the future, since this is already provided in standard AWS regions today.
To order a YubiKey today, visit Yubico’s store or purchase from Amazon.com and protect your AWS access with phishing-resistant MFA. To find out which YubiKeys are right for you and your business, check out our quiz.