I definitely wasn’t grokking that, because the prior commenter never mentioned AWS Identity Center, and instead linked to STS, which works how I described (you can’t use FIDO MFA for the authentication of the call that gives you your short-lived session creds).

I’m excited to see that Identity Center supports FIDO2 for this use case.

reply
You weren't grokking it because I was hasty (and tired) and provided the wrong link. My bad!
reply