Our Blog

AWS Backup adds OTP verification for Multi-party approval on logically air-gapped vaults

Published
May 27, 2026
https://aws.amazon.com/about-aws/whats-new/2026/05/aws-backup-otp-multi-party-approval-lag/

AWS Backup Multi-party Approval Updates

AWS Backup now requires one-time password (OTP) verification when approvers vote on Multi-party approval actions for logically air-gapped vaults. When an approver votes on a Multi-party approval request, they must enter a six-digit code sent to their registered email address in AWS IAM Identity Center. This ensures that only verified approvers can authorize protected vault operations, adding an additional layer of security for approval teams. OTP verification applies automatically to all existing and new Multi-party approval sessions for logically air-gapped vaults at no additional charge, with no setup required.

What to do

  • Ensure your team is aware of the new OTP verification requirement for Multi-party approval actions.
  • Verify that your team members have registered email addresses in AWS IAM Identity Center.
  • Review the updated documentation for more details.

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related posts

Check out other insights from the team at West Loop Strategy.

View all
https://aws.amazon.com/about-aws/whats-new/2025/10/aws-cloud-map-cross-account-gov-cloud

AWS Cloud Map supports cross-account workloads in AWS GovCloud (US) Regions

AWS Cloud Map now supports cross-account service discovery through integration with AWS Resource Access Manager (AWS RAM) in AWS GovCloud (US) Regions
Read more
https://aws.amazon.com/about-aws/whats-new/2026/03/aws-private-ca-connector-scep-privatelink/

AWS Private CA Connector for SCEP now supports AWS PrivateLink

AWS Private CA Connector for SCEP now supports AWS PrivateLink, allowing your clients to request certificates from within your Amazon Virtual Private Cloud (VPC) without traversing the public internet
Read more
https://aws.amazon.com/about-aws/whats-new/2026/03/amazon-s3-account-regional-namespaces/

Amazon S3 introduces account regional namespaces for general purpose buckets

You can now create Amazon S3 general purpose buckets in your own reserved namespace, eliminating the need to find globally unique bucket names and making it easier to build workloads that utilize a bucket per customer, team, or dataset
Read more
View all