How to use Google Authenticator as a virtual MFA device on AWS Console.

If you are managing several AWS accounts for your customers, then remembering all the passwords for these AWS accounts is a very difficult task. In my case I am storing all the passwords in my browser cache. But it is very risky, isn’t it? Anybody can access the accounts when you are not in your seat. AWS provides a facility called “MFA” (Multi-Factor Authentication) to secure the accounts. If MFA is enabled on your account, then you have to provide a one-time password along with your user name and password when logging in to your AWS console. Again, it is very hard to keep a hardware MFA device in your pocket for every account. It’s really amazing that Amazon released the ability to use virtual MFA devices like Google Authenticator. In this article I will show how to create a user account with virtual MFA (Google Authenticator) enabled.

How to add a User Account on AWS Console:

After logging in to your AWS console, go to the main Dashboard, then click on IAM as shown in the image below.


Then click on “Users” > “Create New User” > enter the user name > click on “Generate an access key for each user” if you want to provide REST access to the user > Create. Follow the steps as shown in the image below.


Right-click on the user name > click on “Manage Password”, as shown in the image below.


Enter your desired Password and click on “Apply”.


As per the above example, the user “Tapas” should now be able to log in to the AWS console using his username and password.


How to add MFA device for a user on AWS console:

After creating the user, we will now enable a virtual MFA device for the user. Right-click on the user and click on “Manage MFA device”.


Select “A virtual MFA device” and click on “Continue”.


Click “Continue” on the next message screen if you have Google Authenticator installed on your smartphone. Otherwise, install it on your device first.

After installing Google Authenticator on your smartphone, scan the barcode from your monitor screen. Enter two consecutive authentication codes and press “Continue” as shown in the image below.


Now whenever the user tries to log in to the AWS console, it will ask him for a one-time password along with the IAM user name and password. Have fun with your secured console.
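The codes Google Authenticator displays are time-based one-time passwords (TOTP, RFC 6238) derived from the secret carried in the scanned barcode. The following is an added example, not part of the original article and not AWS's own code: it computes those codes and shows one way a server could check the two consecutive codes entered during enrollment. The secret is the published RFC 6238 test key, and `verify_consecutive` with its drift window is a hypothetical helper written for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default, used by Google Authenticator)
DIGITS = 6   # length of the code shown in the app

# Constructed sample: base32 of the RFC 6238 test key b"12345678901234567890".
# A real secret comes from the barcode and must never be stored in source code.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks the offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP keyed on the number of 30-second steps since epoch."""
    key = base64.b32decode(secret_b32.upper())
    return hotp(key, unix_time // STEP)


def verify_consecutive(secret_b32, code1, code2, now, drift_steps=1):
    """Hypothetical enrollment check: accept only if code1 and code2 come from
    adjacent time steps (code1 first) near the server clock.
    Returns the time step that matched code1, or None if the pair is rejected."""
    key = base64.b32decode(secret_b32.upper())
    current = now // STEP
    # code1 was typed one step before code2, so search one extra step back.
    for step in range(current - drift_steps - 1, current + drift_steps + 1):
        ok1 = hmac.compare_digest(hotp(key, step), code1)
        ok2 = hmac.compare_digest(hotp(key, step + 1), code2)
        if ok1 and ok2:
            return step
    return None


if __name__ == "__main__":
    t = 1111111109  # timestamp taken from the RFC 6238 test vectors
    first, second = totp(SAMPLE_SECRET, t), totp(SAMPLE_SECRET, t + STEP)
    print(first, second, verify_consecutive(SAMPLE_SECRET, first, second, t + 2))
```

Requiring two adjacent codes in the right order shows that the phone holds the same secret as the server and that its clock is within the allowed drift; a stale, repeated or reversed pair is rejected.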


Tapas Mishra

Sr. Engineer (DevOps)
Loves to work on open source products. Has experience with Linux environments and knowledge of public cloud services like AWS, Rackspace, DigitalOcean and Linode. Please don't hesitate to comment on the posts. Your comments are my strength.
