Enable a passkey or security key for the Amazon Web Services account root user (console)
You can configure and enable a passkey for your root user from the Amazon Web Services Management Console only, not from the Amazon CLI or Amazon API.
To enable a passkey or security key for your root user (console)
-
Sign in to the IAM console
as the account owner by choosing Root user and entering your Amazon Web Services account email address. On the next page, enter your password. Note
As the root user, you can't sign in to the Sign in as IAM user page. If you see the Sign in as IAM user page, choose Sign in using root user email near the bottom of the page. For help signing in as the root user, see Signing in to the Amazon Web Services Management Console as the root user in the Amazon Sign-In User Guide.
-
On the right side of the navigation bar, choose your account name, and then choose Security credentials. If necessary, choose Continue to Security credentials.
-
On your root user My security credentials page, under Multi-factor authentication (MFA), choose Assign MFA device.
-
On the MFA device name page, enter a Device name, choose Passkey or Security Key, and then choose Next.
-
On Set up device, set up your passkey. Create a passkey with biometric data like your face or fingerprint, with a device pin, or by inserting the FIDO security key into your computer's USB port and tapping it.
-
Follow the instructions on your browser to choose a passkey provider or where you want to store your passkey to use across your devices.
-
Choose Continue.
You have now registered your passkey for use with Amazon. The next time you use your root user credentials to sign in, you must authenticate with your passkey to complete the sign-in process.
For help troubleshooting issues with your FIDO security key, see Troubleshooting FIDO security keys.