AWS Console Mobile Application FAQs

Q: How do I sign in?

The Console Mobile Application supports several authentication methods, including owner/root credentials, IAM user credentials, and federated login via AWS Single Sign-On, Microsoft Active Directory and third-party identity providers. An owner account is the AWS login that created the account. An IAM user is an identity that has been created by an administrator through the IAM service. Note that IAM users need to also provide their account alias, which can be found at the top of the Management Console sign-in screen. We recommend using either IAM user credentials or a federated role to log in to the Console Mobile Application.

For security reasons, we recommend that you secure your device with a passcode and that you follow an AWS best practice by creating and using an IAM user's credentials to sign in to the app. If you lose your device, an IAM user can be deactivated to prevent unauthorized access. Root accounts cannot be deactivated.

Click here to learn more about the different types of AWS security credentials.

Q: Can I sign-in with biometric authentication?

You can setup biometrics authentication on supported iOS and Android devices running Console Mobile Application v2.0+.

Q: Which password managers does the AWS Console Mobile App support?

The AWS Console Mobile App supports password managers that are integrated with the mobile operating systems maintained by Apple (iOS) and Google (Android). E.g., iCloud Passwords and Keychain, Google Chrome Password Manager, Samsung Pass, etc.

Q: What hardware authenticators does the AWS Console Mobile App support for MFA?

The AWS Console Mobile App supports all FIDO certified hardware authenticators (E.g., YubiKey) for MFA. Click here for a complete list of FIDO certified hardware authenticators.

Q: Which software authenticators does the AWS Console Mobile App support for MFA?

The AWS Console Mobile App supports software authenticators such as Google Authenticator, Microsoft Authenticator, and LastPass Authenticator. Click here for a full list of supported software authenticators.

Q: What if my organization’s mobile device management policy does not allow the use of password managers or auto-fill?

If your organization does not allow the use of password managers or auto-fill, then you will need to sign in to your AWS identity in the AWS Console Mobile App by entering your AWS identity’s password.

Q: Can I assume IAM roles?

Yes, on iOS and Android V2.0+.

Q: Where can I download the app?

Download the Console Mobile Application from the Apple App Store, the Google Play Store, or the Amazon App Store.

Q: What versions of iOS and Android are supported?

iOS 14.0+ and Android 8.0+ are supported.

Q: Does the Console Mobile application support tablets?

The Console Mobile application is optimized for iOS and Android mobile devices with a screen size < 7”, however it works on larger mobile screen sizes as well.

Q: Can I view my current AWS usage charges?

Yes, you can view your current usage charges in the Console Mobile Application. Simply visit your Billing Preferences page and select the checkbox to Receive Billing Alerts. In order to view usage charges, your identity must have permission to view CloudWatch.

Q: Is MFA supported?

Yes. We recommend using either a hardware MFA device or a virtual MFA on a separate mobile device for the greatest level of account protection.

Q: Can I create resources?

Currently the only way to create resources from the mobile app is to do so through the AWS CloudShell service using the AWS Command Line Interface (AWS CLI). Otherwise, you can view and sometimes modify resources within the app's graphical user interface, however you cannot create resources through the graphical user interface.

Q: Can I download S3 objects?

You can use The Console Mobile Application to generate a pre-signed URL for an S3 object. A pre-signed URL grants time-limited permission to download the object. Read more about pre-signed URLs here.

In order to open a pre-signed URL for an S3 object in your device's browser, use the app to navigate to the S3 object's detail page and tap "View in browser". Your device configuration will determine what actions are possible with the object.

Q: I lost my mobile device. What should I do?

We strongly recommend that in addition to using a password or biometric lock on your mobile device, you use an IAM user to manage AWS resources. If you lose your mobile device, you can remove the IAM user's access.

Q: Can I provide feedback?

Yes. Click the Feedback button in the Console Mobile Application's menu. We’re eager to hear about your experience.