Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Policies does not refresh from console

0

Hi! In my organization, we have set up policies that work this way: until you do not have MFA activated, you are just allowed to change password (the default one, see your profile) and activated the MFA in order to gain more access. So far, so good. Once activated, from the web dashboard you can work with instances, buckets and other tools. The issue we are facing is to work from the CLI, although the credentials are validated to work with the CLI, the message that arises is that the user has not permission to perform that.

Our team could not track the problem, we suspect that from the CLI does not know or check for the already activated MFA, so the first policy is not being compliance.

Could you please help us somehow? We are running out of ideas

Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
AWS Identity and Access ManagementAWS Command Line InterfaceIAM Policies
Language
English
asked 3 years ago275 views
1 Answer
1

Do you use aws sts get-session-token command when you get the credential for CLI? You have to get temporary session token with MFA. Check out the following blogs! https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/?nc1=h_ls

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content