DEV Community

Cover image for How to Secure Your AWS Account Using a Hardware security key [YubiKey]

How to Secure Your AWS Account Using a Hardware security key [YubiKey]

I have set up Single Sign-On (SSO) for my personal AWS account, which is great because it allows me to effortlessly switch between AWS accounts while doing podcasts, live demos, or learning. I recently purchased a YubiKey from https://www.yubico.com/ to secure my personal AWS Account. You might be wondering why it's necessary to secure your AWS Account. It's important to keep your account secure regardless of whether you're using it for learning or production purposes.

AWS provides several options for setting up a MFA device. In this article, I will demonstrate how to easily configure Yubikey for SSO user log in in AWS.

  • Authenticator App
    • Google Authenticator, Authy, or other similar apps for two-factor authentication.

Please ensure that you have already enabled this feature.

This is what I bought from https://www.yubico.com/nz/product/yubikey-bio-series/yubikey-c-bio/

Image description

Let's get started

Image description

  • Log in to AWS SSO

Image AWS SSO Log in

  • Click the MFA Devices and click Register device

Image description

  • Select Security key and click Next

Image description

  • Insert the YubiKey into the USB port and touch the fingerprint reader (If you are using the same version), I bought a USB C Bio version. Allow the site to access the Key.

Image description

  • Enter the PIN "When setting up your YubiKey for the first time, you must create a secure PIN"

Image description

  • Touch the key again to complete the setup

Image description

  • Yay!! The security key has been registered successfully.

Image description

  • I can see that a new security key has been added to the MFA devices.

Image description

Let's log in back to the AWS SSO

  • After you enter your username and password, it will display a prompt that looks like this.

Image description

  • Plug the key and touch the fingerprint sensor

Image description

Conclusion

WebAuthn is a highly secure authentication method. By using a hardware security key, you can make log in to and securing your AWS account much easier. In this article, I have demonstrated how to secure your AWS SSO log in using hardware security key (YubiKey). However, you can also use a hardware security key to secure your IAM access.

Top comments (0)