You can enable a hardware MFA device using the AWS Management Console, the command line, or the IAM API. The following procedure shows you how to use the AWS Management Console to enable the device for a user under your AWS account. To enable an MFA device for your root account, see Enabling a Hardware MFA Device for Your AWS Root Account.
Note
If you want to enable the device from the command line, use iam-userenablemfadevice, described in the AWS Identity and Access Management Command Line Interface Reference. To enable the MFA device with the IAM API, use the EnableMFADevice action, described in the AWS Identity and Access Management API Reference.
To use IAM in the AWS Management Console to enable a hardware MFA device for a user
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
On the Navigation pane, choose Users.
Select the user you want to enable an MFA device for, and then click Manage MFA Device.

Enter the device serial number. The serial number is usually on the back of the device.

In the Authentication Code 1 box, type the six-digit number displayed by the MFA device. You might need to press the button on the front of the device to display the number.

Wait 30 seconds while the device refreshes, and then type the next six-digit number into the Authentication Code 2 box. You might need to press the button on the front of the device again to display the second number.
Click Associate MFA.
The device is ready for use with AWS. For information about using MFA with the AWS Management Console, see MFA Devices and Your IAM-Enabled Sign-in Page.
To enable the MFA device for your AWS account
Use your root credentials to sign in to the AWS Management Console, then go to the IAM console.
Important
To manage MFA devices for the AWS account, you must sign in to AWS using your root account credentials. You cannot manage MFA devices for the root account using other credentials.
From the IAM Dashboard, click Manage MFA Device. This starts the Manage MFA Device wizard.

In the wizard, select A hardware MFA device, and then click Continue.

To complete the remainder of this process, you need to go to the AWS portal. To go to the portal, click Click here to enable your device.
In the Serial Number box, enter the serial number displayed on the back of the MFA device. Re-enter the serial number in the Re-Enter Serial Number box.

In the Authentication Code 1 box, type the six-digit number displayed by the MFA device. You might need to press the button on the front of the device to display the number.

Wait 30 seconds while the device refreshes, and then type the next six-digit number into the Authentication Code 2 box. You might need to press the button on the front of the device again to display the second number.
Click Activate Authentication Device. The MFA device is now associated with the AWS account.
In the AWS Management Console, click Close to close the confirmation dialog box.
The next time anyone signs in using the AWS account credentials, they will need to enter a code from the MFA device.
For information about using MFA with the AWS Management Console, see MFA Devices and Your IAM-Enabled Sign-in Page.
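Both procedures above ask for Authentication Code 1 and then, after the 30-second refresh, Authentication Code 2. The following added example (not AWS code and not part of the original page) shows why a verifier wants two consecutive codes: together they pin down the device's current time step even when its clock has drifted. It assumes the device behaves like an RFC 6238 TOTP token (HMAC-SHA1, 30-second step, six digits); the secret, the timestamps and the function names `totp` and `find_device_step` are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # refresh interval stated in the procedure
DIGITS = 6         # code length stated in the procedure

# Constructed sample: the RFC 6238 test secret, not a real device seed.
SECRET = b"12345678901234567890"
DEVICE_TIME = 1111111109           # what the device clock believes
SERVER_TIME = DEVICE_TIME + 95     # verifier clock, 95 seconds ahead


def totp(secret: bytes, step: int) -> str:
    """RFC 6238 code (HMAC-SHA1, RFC 4226 truncation) for one time step."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def find_device_step(secret, code1, code2, server_time, window=10):
    """Return the time step at which the device showed code1, or None.

    Accept only if code1 matches a step within +/- window steps of the
    verifier's clock AND code2 matches the step immediately after it.
    A single code, or the same code typed twice, is not enough.
    """
    for code in (code1, code2):
        if not (len(code) == DIGITS and code.isascii() and code.isdigit()):
            return None
    now = server_time // STEP_SECONDS
    for step in range(max(0, now - window), now + window + 1):
        first_ok = hmac.compare_digest(totp(secret, step), code1)
        second_ok = hmac.compare_digest(totp(secret, step + 1), code2)
        if first_ok and second_ok:
            return step
    return None


if __name__ == "__main__":
    first = totp(SECRET, DEVICE_TIME // STEP_SECONDS)
    second = totp(SECRET, DEVICE_TIME // STEP_SECONDS + 1)
    step = find_device_step(SECRET, first, second, SERVER_TIME)
    print(f"codes {first} then {second}: device step {step}, "
          f"server is {SERVER_TIME // STEP_SECONDS - step} steps ahead")
    # The same code entered twice is rejected.
    print(find_device_step(SECRET, first, first, SERVER_TIME))
```

The `window` bound matters for defence: a wider search tolerates more clock drift but also accepts older codes, so a verifier keeps it as small as the expected drift allows.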