Resolution
----------

If an MFA device is created but isn't activated for use with IAM users, then this error occurs. First, deactivate the MFA device. Use the AWS Command Line Interface (AWS CLI) to delete the MFA device. Then, recreate the MFA device.

**Note:** If you receive errors when you run AWS CLI commands, then see [Troubleshoot AWS CLI errors](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html). Also, make sure that [you're using the most recent AWS CLI version](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).

Complete the following steps:

1. To list all virtual MFA devices created in your AWS account, run the [list-virtual-mfa-devices](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/list-virtual-mfa-devices.html) AWS CLI command:  
    ```plaintext
    aws iam list-virtual-mfa-devices --assignment-status Unassigned
    ```
    
2. Note the MFA device serial number that aligns with the name that you're creating.
3. To delete the MFA device, run the [delete-virtual-mfa-device](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/delete-virtual-mfa-device.html) AWS CLI command:  
    ```plaintext
    aws iam delete-virtual-mfa-device --serial-number arn:aws:iam::account-id:mfa/device-name
    ```
    
4. Create a new MFA device.  
    Follow the instructions to [activate a virtual MFA device for an IAM user (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-iam-user).  
    \-or-  
    Follow the instructions to [assign MFA devices in the AWS CLI or AWS API](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_cliapi.html).

If you don't find unassigned devices with the same name, then that same device name was used for an MFA device by another user. Use a different name for your MFA device.

Related information
-------------------

[How can I require MFA authentication for IAM users that use the AWS CLI?](https://repost.aws/knowledge-center/mfa-iam-user-aws-cli)

[Using multi-factor authentication](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html#cli-configure-role-mfa)

[How do I use an MFA token to authenticate access to my AWS resources through the AWS CLI?](https://repost.aws/knowledge-center/authenticate-mfa-cli)

I tried to create a new multi-factor authentication (MFA) device for an AWS Identity and Access Management (IAM) user. I received an error similar to the following: "MFA Device entity at the same path and name already exists." The IAM user doesn't have any MFA devices. 

Troubleshoot the IAM "entity already exists" error for MFA

How do I troubleshoot the "entity already exists" error when an IAM user tries to create a new MFA device?

Security, Identity, & Compliance

Securing the Cloud: The evolution and future of AWS root access management, MFA integration and MFA adoption timelines for enhanced security design

How do I reset a lost or broken MFA device for my IAM user or AWS account root user?

How do I troubleshoot MFA error messages in my Amazon Cognito user pool?

How do I enforce MFA authentication for IAM users that use the AWS Management Console and the AWS CLI?

How do I update my telephone number to reset my lost MFA device?

"MFA device already exists" error when no MFA device exists

SSO users get error when trying to register an MFA device "It's not you, it's us"

Force existing user to use MFA

How do I disable Cognito MFA for existing users?

How to reset MFA for user

How do I troubleshoot the "entity already exists" error when an IAM user tries to create a new MFA device?

Resolution

Related information

Relevant content