AWS still puzzles me at times. While the range of products and services is so huge and there is hardly something you cant accomplish with AWS at hand, still you find little gaps which can annoy, see my earlier discussion around VPC and VPN.
I though every service would be accessible through the admin console. While looking for an alternative to place log data I came across AWS SimpleDB, just to learn there is no function in the web admin console to control it. I even created a support issue believing the service was not enabled for my account. You have to go through local html files (aka scratchpad) to access the console.
While I can handle the above case, I cant appreciate the approach AWS chooses with the MFA they actively promote. Is a very good feature and you can opt for a hardware based MFA or a bit simlpler, with the virtual device. But here comes the contradiction, due to geo restrictions you cant download the AWS MFA app to your Android device if you dont have an US AWS account. Seriously, how much sense does this make ? I confirmed this with the AWS support.
You could go for an alternative solution with the Google Authenticator, but this creates a dependency to another third part which I am not willing to add, my “contract” is between AWS and me.
Is it related to this: http://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States ?