Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mfa_serial does not work with U2F #4094

Closed
jr42 opened this issue Apr 23, 2019 · 7 comments
Closed

mfa_serial does not work with U2F #4094

jr42 opened this issue Apr 23, 2019 · 7 comments
Assignees
Labels
dependencies This issue is a problem in a dependency. feature-request A feature should be added or improved.

Comments

@jr42
Copy link

jr42 commented Apr 23, 2019

When configuring a profile with MFA like this:

[profile myprofile]
role_arn = arn:aws:iam::123456789012:role/MyRole
source_profile = default
region = eu-west-1
mfa_serial = arn:aws:iam::123456789012:u2f/user/myuser/default-qwertzuioplkjhgfdsa

and try to assume the role I get this when pasting the U2F token by long-pressing my Yubikey:

T:\>aws --profile myprofile ec2 describe-regions
Enter MFA code for arn:aws:iam::123456789012:u2f/user/myuser/default-qwertzuioplkjhgfdsa:

An error occurred (ValidationError) when calling the AssumeRole operation: 2 validation errors detected: Value 'eifjccgncvncgfkjgjtjbfjilgtjrjbvgbvelhivvjlt' at 'tokenCode' failed to satisfy constraint: Member must have length less than or equal to 6; Value 'eifjccgncvncgfkjgjtjbfjilgtjrjbvgbvelhivvjlt' at 'tokenCode' failed to satisfy constraint: Member must satisfy regular expression pattern: [\d]*

Validatation should be extended to support U2F tokens.

@swetashre swetashre self-assigned this Apr 23, 2019
@swetashre
Copy link

swetashre commented Apr 24, 2019

@jr42 - Thank you for your post. According to our documentation using U2F security keys for MFA is not currently supported in the AWS CLI and AWS API, or for access to MFA-protected API operations.

This feature would have to be first supported by API before it can be implemented in the CLI. Marking this as a feature request with a dependency.
We will close this issue for now until the API supports it .

@swetashre swetashre added feature-request A feature should be added or improved. dependencies This issue is a problem in a dependency. labels Apr 24, 2019
@isarang
Copy link

isarang commented Feb 8, 2021

Any update or anyone in AWS followed up on this?

@fstephany
Copy link

@isarang It seems that this is a duplicate of #3607
And nothing has moved since ages.

@debek
Copy link

debek commented Apr 6, 2022

Ohh my god. How it is possible :/

@staenker
Copy link

staenker commented Jun 1, 2022

@[swetashre](https://github.com/swetashre) swetashre closed this as [completed]
I just hope this was an honest mistake and not your general approach to a definition of done|completed ...

@igor-nesterov-deltatre
Copy link

Any updates?

@mgrobaker
Copy link

mgrobaker commented Apr 12, 2023

I found this other issue that is open is related to U2F:
U2F Support · Issue #3607

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies This issue is a problem in a dependency. feature-request A feature should be added or improved.
Projects
None yet
Development

No branches or pull requests

8 participants