You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With the current version of aws-mfa, the user must define in the options both the profile name and the MFA ARN.
Since the MFA ARN should already be configured in the aws config file under the profile, aws-mfa should be able to get the MFA ARN from there.
Suggestion for implementation:
IF MFA ARN is given in the option, use it
ELSE IF try to dig the ARN from the config file
ELSE exit with an error saying that no MFA could be found.
The last part is there because with the current version it is possible to generate temporary credentials without using an MFA token. If AWS policies mandate the use of MFA for an action, using the generated credentials for that action will result in a "Permission denied" error. Since aws-mfa is meant for MFA users, there's no need for it to generate non-MFA credentials.
The text was updated successfully, but these errors were encountered:
With the current version of aws-mfa, the user must define in the options both the profile name and the MFA ARN.
Since the MFA ARN should already be configured in the aws config file under the profile, aws-mfa should be able to get the MFA ARN from there.
Suggestion for implementation:
The last part is there because with the current version it is possible to generate temporary credentials without using an MFA token. If AWS policies mandate the use of MFA for an action, using the generated credentials for that action will result in a "Permission denied" error. Since aws-mfa is meant for MFA users, there's no need for it to generate non-MFA credentials.
The text was updated successfully, but these errors were encountered: