Last updated: 27 Jul 2023

Setup a Yubikey

Setup as an MFA device for AWS

1. Download the Yubico Authenticator app to your computer (or mobile device, if your Yubikey supports NFC).
2. Sign in to the [gds-users AWS console][gds-users-aws-signin].
3. Select the IAM service.
4. Select Users in the left hand menu and enter your name.
5. Select the link for your email address.
6. Select the Security credentials tab.
7. Select Manage, which is next to Assigned MFA device.
8. Specify your email address as the MFA device name
9. Select “Authenticator app”, not “Security Key”
10. When asked to scan the QR code with your mobile device, open the Yubico Authenticator app and use that to scan the QR code. The MFA code will now be present on your Yubikey.
11. Configure gds-cli to use the YubiKey:

gds config yubikey true

More in the Security section

How to...

• Block access to arbitrary URLs in the GOV.UK estate
• Content Security Policy on GOV.UK
• Pentests
• Web Application Firewall (WAF) configuration