How to add a Second MFA device?


Hello, now that AWS has announced that they support multiple MFA devices, how do I go about actually adding one? When I click on Manage MFA device for my IAM user, I don't get any option to add a new MFA device.

  • Currently it looks like it's available in some AWS Accounts but not all of them.

  • Same problem. But only on my older accounts. The newer accounts do have the option to add multiple MFA devices.

  • We are also seeing this issue on all of our IAM users; even when testing with the broadest IAM policy, we're unable to add a second MFA for ourselves or another user.

  • We're seeing the same issue on one of our accounts. All of our other accounts are working fine. We even tried the IAM policy change from the answer below.

asked 17 days ago, 151 views
2 Answers

The policy that allows MFA to be configured uses the ${aws:username} variable and needs to be changed. Change "arn:aws:iam::*:mfa/${aws:username}" to "arn:aws:iam::*:mfa/*" to allow secondary MFA devices to be registered.

answered 17 days ago
  • In my environment, the MFA device registration button appears after reloading the management console several times, perhaps because it is still cached.

    If you have any other issues, please check if they are restricted by Permission Boundary or SCP in AWS Organizations. Additionally, make sure the account you are using is not for the AWS GovCloud (US) Region or AWS China Region.

  • This is not a good policy change to make. I just tested and verified that it grants access for all users to manage any user's MFA devices.
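
Added example (not part of the thread and not AWS tooling): a small Python check for the concern raised in the comment above, listing Allow statements that grant MFA-device write actions on a resource not scoped by `${aws:username}`. The two sample policies are constructed around the resource strings quoted in the answer; the action list, Sid and function names are assumptions, and Condition, NotAction and NotResource are not evaluated.

```python
import json
from fnmatch import fnmatchcase

# IAM actions that create, bind, resync or remove MFA devices (assumed review scope).
MFA_WRITE_ACTIONS = [
    "iam:CreateVirtualMFADevice", "iam:DeleteVirtualMFADevice",
    "iam:EnableMFADevice", "iam:DeactivateMFADevice", "iam:ResyncMFADevice",
]

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def unscoped_mfa_grants(policy_json):
    """Return (sid, action, resource) for every Allow statement that grants an
    MFA write action on a resource ARN not tied to ${aws:username}."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):          # a single statement object is valid
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        # Action entries may contain wildcards such as iam:* or iam:*MFA*.
        patterns = [p.lower() for p in as_list(stmt.get("Action"))]
        granted = [a for a in MFA_WRITE_ACTIONS
                   if any(fnmatchcase(a.lower(), p) for p in patterns)]
        for resource in as_list(stmt.get("Resource")):
            if "${aws:username}" in resource.lower():
                continue                      # scoped to the calling user
            findings += [(stmt.get("Sid", "<no Sid>"), a, resource) for a in granted]
    return findings

def sample_policy(resource):
    """Constructed sample statement; only the Resource string comes from the thread."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "ManageOwnVirtualMFA", "Effect": "Allow",
        "Action": ["iam:CreateVirtualMFADevice", "iam:DeleteVirtualMFADevice"],
        "Resource": resource}]})

ORIGINAL = sample_policy("arn:aws:iam::*:mfa/${aws:username}")
CHANGED = sample_policy("arn:aws:iam::*:mfa/*")

if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL), ("changed", CHANGED)):
        print(name, unscoped_mfa_grants(policy))
```

A finding is a prompt for manual review of the full statement, since a Condition block or a Deny elsewhere can still narrow what the grant allows.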


According to AWS Support, "not all accounts are yet eligible."

answered a day ago
