Menu
I already have Google authenticator installed in my iPhone and I'm using it to signin to my AWS root account. I want to add the ability to login with MFA using my Android phone as well, using a corresponding token-generator Android app.
Is it possible to add a second device and how exactly? Or is AWS root account MFA bind to one (virtual) device?
291
Get an MFA device such as one of the following. You can enable only one MFA device per AWS account root user or IAM user.
For a virtual MFA device, remove the account from your device. Then go to the AWS Security Credentials page and delete the old MFA virtual device entity before you create a new one. For a FIDO security key, go to the AWS Security Credentials page and deactivate the old FIDO security key before enabling a new one.
You can only have one MFA device tied to your root account. You would need to setup a separate IAM user account for your separate device.
From the FAQ:
Q. Can I have multiple authentication devices active for my AWS account? Yes. Each IAM user can have its own authentication device. However, each identity (IAM user or root account) can be associated with only one authentication device.
Update: So while it's not officially supported, here is one guy who claims he was able to register Google Authenticator on two devices by doing both at the exact same time with the same QR code. Granted he's not doing this with AWS, but it could be worth a try.
https://www.quora.com/Can-Google-Authenticator-be-used-on-multiple-devices
Update 2: I've started using Authy for MFA rather than Google Authenticator. One of the cool things Authy now supports is multi-devices for all your MFA tokens. I currently have my phone and my tablet setup with access to my AWS account using Authy Multi Device.
http://blog.authy.com/multi-device
126
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
