
3 is a confusing one but understandable.

You should be using the OIDC login method most of the time for MFA, and not their built-in MFA.

I’m unsure if the equivalent software is worth the price when compared to Vault and not sure I can seriously suggest anything else even if I hate this new license.



You can use a mix of secrets manager and certificate manager products in AWS and accomplish essentially the same things Vault promises for much cheaper (and easier to manage).

I’m underselling, of course, the vast capabilities of Vault, but most companies don’t need those advanced features, and they don’t really sell them; they sell and lock you into features that, once you implement them, are going to become an extraordinary hurdle to migrate out of.

On the OIDC: yes, we were using Okta as that. But at some point mid-contract the “Okta” management features that connected to it became enterprise-only, and we had reasoned that if we didn’t need more advanced features (DR, replication) we could go back to OSS when we wanted. In fact that was even told to us, until that was no longer the case.


AWS Secrets Manager was so easy to set up. With implicit auth using IAM roles on our EC2s and the AWS SDK I was able to add secrets support in literally a day for all our services.
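The pattern the comment above describes (no credentials in the app, the SDK picks up the EC2 instance role) looks like this in Python with boto3. This is an added example, not the commenter's code: the secret names, the `FakeSecretsClient` used for offline runs, and the small TTL cache are assumptions for illustration. The only real API call is `boto3.client("secretsmanager").get_secret_value(SecretId=...)`.

```python
"""Fetch application secrets from AWS Secrets Manager using the ambient
credential chain (on EC2, the role attached to the instance).

Added example; the cache and the fake client are constructed for illustration.
"""
import json
import time
from dataclasses import dataclass, field


@dataclass
class SecretCache:
    """In-process cache so a hot code path does not call the API on every request."""
    ttl_seconds: float = 300.0
    _entries: dict = field(default_factory=dict)

    def get(self, name):
        hit = self._entries.get(name)
        if hit is not None and hit[1] > time.monotonic():
            return hit[0]
        return None

    def put(self, name, value):
        self._entries[name] = (value, time.monotonic() + self.ttl_seconds)


def parse_secret_value(response):
    """Turn a GetSecretValue response into Python data.

    A SecretString that is a JSON object becomes a dict (the usual key/value
    layout for DB credentials); any other SecretString is returned unchanged;
    a SecretBinary is returned as bytes (boto3 has already base64-decoded it).
    """
    if "SecretString" in response:
        raw = response["SecretString"]
        try:
            parsed = json.loads(raw)
        except ValueError:
            return raw
        # Only treat it as structured if it really is an object; "42" or
        # "true" are opaque string secrets, not JSON documents.
        return parsed if isinstance(parsed, dict) else raw
    if "SecretBinary" in response:
        return response["SecretBinary"]
    raise ValueError("response carries neither SecretString nor SecretBinary")


def get_secret(name, client=None, cache=None):
    """Return the secret `name`, consulting `cache` first when one is given."""
    if cache is not None:
        cached = cache.get(name)
        if cached is not None:
            return cached
    if client is None:
        import boto3  # imported lazily so the module loads without boto3 installed
        # No explicit keys: boto3 walks its default credential chain, which on
        # EC2 ends at the instance metadata service and the role attached there.
        client = boto3.client("secretsmanager")
    response = client.get_secret_value(SecretId=name)
    value = parse_secret_value(response)
    if cache is not None:
        cache.put(name, value)
    return value


class FakeSecretsClient:
    """Constructed stand-in for the boto3 client so the example runs offline.

    Mirrors only the one method and response keys the code above uses.
    """
    def __init__(self):
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        if SecretId == "prod/db":
            return {"SecretString": '{"username": "app", "password": "hunter2"}'}
        if SecretId == "prod/apikey":
            return {"SecretString": "plain-token"}
        return {"SecretBinary": b"\x00\x01"}


if __name__ == "__main__":
    # Replace FakeSecretsClient() with client=None on an EC2 instance whose
    # role allows secretsmanager:GetSecretValue on the secret's ARN.
    fake = FakeSecretsClient()
    cache = SecretCache()
    creds = get_secret("prod/db", client=fake, cache=cache)
    get_secret("prod/db", client=fake, cache=cache)  # served from cache
    print(creds["username"], "fetched with", fake.calls, "API call(s)")
```

On a real instance, pass `client=None` and scope the instance role to `secretsmanager:GetSecretValue` on the specific secret ARNs rather than `*`; the role, not the code, is what limits which secrets a compromised service can read.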


And arguably more secure than self-hosted Vault for this same purpose.



