Outside of AWS IAM Identity Center, does AWS support FIDOs/WebAuthn protocols for MFA, such as for Yubikeys when you access Workspaces?

My specific use case is to enforce a Yubikey hard-token when I use an AWS Workspaces client to login to a workspace. It seems like the only way to have FIDO2/WebAuthn supported (versus TOTP) is to use IAM Identity Center (which was formerly AWS SSO?). Other similar use cases would be FIDO2/Webauthn support for the CLI and Workspaces, does that require using IAM Identity Center (AWS SSO)?

Hopefully that makes sense! Please let me know if you need more details!