In this post I want to cover how to activate U2F FIDO keys for the AWS root account.

After logging in, click on IAM and you will see a dashboard like the one below, where 4 steps are not yet complete. We will complete one of those steps first, and other posts will cover the other steps so that we can have better security in our AWS account.

Activate MFA on your root account

AWS Security Status

We will now expand the second step and activate MFA

AWS Activate MFA

You will then be prompted for Security Credentials; click on it.

Continue Security Credentials

Choose the MFA tab and click on Activate MFA.

AWS Activate MFA IAM Dashboard

I will use the U2F YubiKey option to activate MFA on my root account.

Activate MFA U2F

This will prompt you to allow the browser to access your key, and since I am on Windows there is also a non-browser prompt to allow it. Once you plug in your YubiKey, you can click the key icon.

YubiKey


AWS prompt U2F browser allow prompt


AWS prompt U2F Windows prompt

Now the admin account that was used for creating the AWS account is using U2F for authentication.

AWS Setup U2F Complete
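
To confirm the result outside the console, the following added example (not part of the original post) reads the JSON printed by `aws iam get-credential-report` (after `aws iam generate-credential-report`) and reports problems on the root row. It also flags active root access keys, which goes slightly beyond the MFA step covered here; the account ID, the user `alice` and the trimmed column set are constructed sample data.

```python
import base64
import csv
import io
import json

ROOT_USER = "<root_account>"  # name AWS gives the root row in the credential report


def root_findings(cli_json: str) -> list[str]:
    """Return problems found for the root row of an IAM credential report.

    cli_json is the JSON printed by `aws iam get-credential-report`,
    whose "Content" field holds the base64-encoded CSV report.
    """
    report_csv = base64.b64decode(json.loads(cli_json)["Content"]).decode("utf-8")
    rows = {row["user"]: row for row in csv.DictReader(io.StringIO(report_csv))}
    root = rows.get(ROOT_USER)
    if root is None:
        return ["root row missing from report"]
    findings = []
    if root["mfa_active"] != "true":
        findings.append("root account has no MFA device")
    for n in ("1", "2"):
        if root.get(f"access_key_{n}_active") == "true":
            findings.append(f"root access key {n} is active")
    return findings


def sample_response(mfa: str, key1: str) -> str:
    """Build a constructed CLI response; a real report has more columns."""
    csv_text = (
        "user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active\n"
        f"<root_account>,arn:aws:iam::111122223333:root,not_supported,{mfa},{key1},false\n"
        "alice,arn:aws:iam::111122223333:user/alice,true,false,false,false\n"
    )
    content = base64.b64encode(csv_text.encode()).decode()
    return json.dumps({"Content": content, "ReportFormat": "text/csv"})


BEFORE = sample_response(mfa="false", key1="true")  # constructed: before the steps above
AFTER = sample_response(mfa="true", key1="false")   # constructed: after registering the key

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, root_findings(doc) or "root account OK")
```

The report's `mfa_active` column only says that an MFA device is registered; it does not distinguish a U2F key from a virtual MFA app.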

Summary

I hope this has helped in setting up U2F with your FIDO token to protect the root account. In other posts we will cover the other 3 steps.