To run the "aws sts get-session-token" command, I need to provide the AWS profile. To provide the AWS profile I need to store the "aws_access_key_id" and "aws_secret_access_key" under the credential file on my local machine. Then what is the point of using temporary credentials with MFA from the same machine where information for the Access Key is already stored? How does this make it more secure?
I don't see an option to create an Access Key with limited permissions where only "sts get-session-token" is allowed, in which case I can use that Access Key on my machine to first get temporary credentials and then use those temporary creds to access other resources.
I found the answer to my confusion when looking at https://repost.aws/knowledge-center/mfa-iam-user-aws-cli
Thank you for your comment. We'll review and update the Knowledge Center article as needed.