AWS Identity and Access Management
User Guide

PREVIEW - Enabling SMS Text Message MFA Devices

Sign up for Preview Program

SMS MFA is currently available only as a preview program. It is available to anyone who signs up to participate. To sign up, follow the instructions on the Multi-factor Authentication details page.

An SMS MFA device can be any mobile device with a phone number that can receive standard SMS text messages. When an MFA code is needed, AWS sends it to the phone number that is configured for the IAM user.


SMS MFA can be used only with IAM users. It cannot be used with the AWS account root user. To protect the root user with MFA, you must use either a hardware-based or virtual (software-based) MFA token device.

Enable an SMS MFA Device for an IAM User (AWS Management Console)


Currently, you can manage SMS MFA only in the AWS Management Console.

You can use IAM in the AWS Management Console to configure an IAM user with a phone number to enable SMS MFA.

To enable SMS MFA for an IAM user (console)

  1. Sign up for the preview of the SMS MFA feature. To sign up, follow the instructions on the Multi-factor Authentication details page.

  2. Sign in to the AWS Management Console and open the IAM console at

  3. In the navigation pane, choose Users.

  4. In the User Name list, choose the name (not the check box) of the intended MFA user.

  5. Scroll down to the Security credentials section. Next to Assigned MFA device, choose the pencil icon ( ).

  6. In the Manage MFA Device wizard, choose An SMS MFA device, and then choose Next Step.

  7. Enter the phone number to which you want to send MFA codes for this IAM user, and then choose Next Step.

  8. A six-digit authentication code is immediately sent to the specified phone number for verification. Type the six-digit code and then click Next Step. If the code does not arrive in a reasonable amount of time), choose Resend Code. Note that SMS is not a service with a guaranteed delivery time.

  9. If AWS successfully verifies the code, the wizard ends. Choose Finish to close the wizard.

Change the Phone Number for SMS MFA for an IAM User

To change the phone number of the SMS MFA device assigned to an IAM user, you must delete the current MFA device. Then create a new device with the new phone number. To delete the device, see Deactivating MFA Devices. To create a new device, see the previous procedures in this topic.