Actually in this case it's likely AWS is also responsible for having trash 2fa restrictions. AWS will only allow you to setup one single 2fa method.

If you register with a yubikey, you can't register a 2nd yubikey as backup, nor can you register an authenticatior(TOTP) as a backup.