unable to assume role after enforcing MFA policy

回眸只為那壹抹淺笑 submitted on 2019-12-25 01:38:39

Question


I created a new policy to force the IAM user to set up MFA, using the policy at this link: https://docs.aws.amazon.com/en_pv/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage.html

Now the IAM user has AdministratorAccess already, so after applying this force-MFA policy the user has 2 policies attached: the AWS managed policy AdministratorAccess and the new managed policy I created, Force_MFA.

Now when I try to run Ansible with the module https://docs.ansible.com/ansible/latest/modules/sts_assume_role_module.html, which normally worked before attaching the Force_MFA policy, I get an error that says I cannot assume the role of other accounts. When I remove the Force_MFA policy, it works again.

Where is the problem coming from? Is this an issue with the policy or with Ansible? Is this Force_MFA policy not working as expected? It is supposed to let me do other things if MFA is enabled, but in Ansible it does not, while in the GUI I can switch roles and it works fine. It is just that Ansible playbooks now fail and complain that I can't assume the role.

Mind you, I already enabled MFA for this IAM user and I can assume and switch accounts in the dashboard, BUT when I try to do that in Ansible I get a boto error saying I cannot assume the role.

Any help will be appreciated.

If you need me to post anything to help, let me know and I will post it.


Answer 1:


According to the comment made by @Zeitounator, I had to add the mfa_serial_number and mfa_token options as required for sts_assume_role here.

It worked after that.
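
Why the playbook was denied while the console worked, as an added example that is not part of the original post: a simplified model of IAM policy evaluation, not AWS's real engine. The policy documents and request contexts are constructed; the deny statement is modeled on the one in the linked AWS example, with an abbreviated action list.

```python
# Constructed policies. ADMIN stands in for AdministratorAccess; FORCE_MFA is
# modeled on the deny statement of the linked AWS example (actions abbreviated).
ADMIN = {"Effect": "Allow", "Action": ["*"]}
FORCE_MFA = {
    "Effect": "Deny",
    "NotAction": ["iam:EnableMFADevice", "iam:ListMFADevices", "sts:GetSessionToken"],
    "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
}

def condition_holds(stmt, context):
    """True when every condition key matches; ...IfExists also passes on a missing key."""
    for op, pairs in stmt.get("Condition", {}).items():
        for key, expected in pairs.items():
            if key not in context:
                if op.endswith("IfExists"):
                    continue  # an absent key satisfies BoolIfExists
                return False
            if str(context[key]).lower() != expected:
                return False
    return True

def action_matches(stmt, action):
    """NotAction matches everything except the listed actions."""
    if "NotAction" in stmt:
        return action not in stmt["NotAction"]
    return "*" in stmt["Action"] or action in stmt["Action"]

def evaluate(policies, action, context):
    """An explicit deny beats any allow; no matching allow is an implicit deny."""
    hits = [s["Effect"] for s in policies
            if action_matches(s, action) and condition_holds(s, context)]
    if "Deny" in hits:
        return "Deny"
    return "Allow" if "Allow" in hits else "ImplicitDeny"

POLICIES = [ADMIN, FORCE_MFA]

# Constructed request contexts.
# Long-term access keys (what boto sends by default): the MFA key is absent.
ACCESS_KEYS_ONLY = {}
# Console session signed in with MFA, or AssumeRole called with serial + token.
WITH_MFA = {"aws:MultiFactorAuthPresent": True}

if __name__ == "__main__":
    for label, ctx in (("access keys only", ACCESS_KEYS_ONLY), ("with MFA", WITH_MFA)):
        print(f"sts:AssumeRole, {label}: {evaluate(POLICIES, 'sts:AssumeRole', ctx)}")
```
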



Source: https://stackoverflow.com/questions/58349939/unable-to-assume-role-after-enforcing-mfa-policy
