In this post I wanted to cover how to Activate U2F Fido Keys for AWS root account.
After logging if you click on IAM you will see the dashboard like below where 4 steps are not yet complete. We will complete those first steps and other post will cover the other steps such that we can have better security in our AWS account.
Activate MFA on your root account
AWS Security Status
We will now expand the second step and activate MFA
AWS Active MFA
Then you will be prompted for Security Creditials and click on it
Continue Security Credentials
Choose the MFA Tab and click on Active MFA
AWS Active MFA IAM Dashboard
I will use the U2F Yubikey option to activate my root account
Active MFA U2F
This will prompt for allowing the browser to access your key and since I am on windows it will also prompt for a non browser based prompt to allow it, once you plug in your yubikey then you can click the key icon.
YubiKey
Aws prompt u2f brower allow prompt
Aws prompt u2f windows prompt
Now your Admin account that was used for creating the AWS account is using U2F for authentication
AWS Setup U2F Complete
Summary
I hope this has helped in setting up U2F with your FIDO token to protect the root account, in other post we will cover the other 3 steps.