In this post I want to cover how to activate a U2F FIDO key for the AWS root account.

After logging in, click on IAM and you will see a dashboard like the one below, where 4 steps are not yet complete. We will complete the MFA step in this post, and other posts will cover the other steps so that we can have better security in our AWS account.

Activate MFA on your root account

AWS Security Status

We will now expand the second step and activate MFA.

AWS Active MFA

Then you will be prompted for Security Credentials; click on it.

Continue Security Credentials

Choose the MFA tab and click on Activate MFA.

AWS Active MFA IAM Dashboard

I will use the U2F YubiKey option to activate MFA on my root account.

Active MFA U2F

This will prompt you to allow the browser to access your key. Since I am on Windows, it also shows a second, non-browser prompt to allow it. Once you plug in your YubiKey, you can click the key icon.



AWS U2F browser allow prompt


AWS U2F Windows prompt

Now the admin account that was used for creating the AWS account is using U2F for authentication.

AWS Setup U2F Complete
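To confirm the result outside the console, the IAM credential report has an `mfa_active` column, and the root user appears in it as `<root_account>`. The following is an added example, not part of the original walkthrough: it parses a report and, going slightly beyond the root account, also lists IAM users who have a console password but no MFA. The sample report, account ID and user names are constructed; a real report comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field is base64-encoded CSV.

```python
import csv
import io

# Constructed sample in the credential-report CSV layout, trimmed to the
# columns used here. The account ID and user names are placeholders.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true
alice,arn:aws:iam::111122223333:user/alice,true,false
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,false
"""

ROOT_USER = "<root_account>"  # how the credential report names the root user


def is_true(value):
    """Credential-report booleans are the strings 'true' / 'false'."""
    return value.strip().lower() == "true"


def audit_mfa(report_csv):
    """Return (root_mfa_active, [console users without MFA])."""
    root_mfa = None
    missing = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        mfa = is_true(row["mfa_active"])
        if row["user"] == ROOT_USER:
            root_mfa = mfa
        elif is_true(row["password_enabled"]) and not mfa:
            # Users without a console password (e.g. key-only service
            # users) cannot sign in to the console, so they are skipped.
            missing.append(row["user"])
    if root_mfa is None:
        raise ValueError("no <root_account> row; is this a credential report?")
    return root_mfa, missing


if __name__ == "__main__":
    root_ok, missing = audit_mfa(SAMPLE_REPORT)
    print("root MFA active:", root_ok)
    print("console users without MFA:", ", ".join(missing) or "none")
```

The credential report is cached by AWS for a few hours, so generate a fresh one if the key was registered only moments ago.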


I hope this has helped you set up U2F with your FIDO token to protect the root account. In other posts we will cover the other 3 steps.