"MFA device already exists" error when no MFA device exists


I am trying to set up MFA for a new user. That user previously tried to set up MFA but did not have permissions to do so. There are currently no MFA devices registered for that user - I checked via the UI and again via CLI.

However, I am still getting this error:

Entity already exists
The request was rejected because it attempted to create a resource that already exists.
MFA device already exists.

How can I continue to set up MFA?

1 Answer

When the virtual MFA device registration isn't completed, the virtual device remains but is no longer associated with the user. It still blocks another MFA device from being registered with the same name.

You can work around the issue simply by giving the new MFA device a different name.

You can find the orphaned virtual MFA devices with this CLI command (https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/list-virtual-mfa-devices.html):

aws iam list-virtual-mfa-devices --assignment-status Unassigned

and if there are any, you can delete them with the command (https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/delete-virtual-mfa-device.html):

aws iam delete-virtual-mfa-device --serial-number arn:aws:iam::123456789012:mfa/MFADeviceName
Leo K
answered a month ago
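The list-then-delete clean-up from the answer above, as an added example that is not part of the original post. It uses the boto3 IAM client (assumed installed when run for real); the selection logic works on the ListVirtualMFADevices response shape, so it runs offline against the constructed sample below. Because the Unassigned filter returns orphaned devices account-wide, the example only selects devices whose name matches the one you intend to re-create, so another user's half-finished enrolment is not removed by mistake.

```python
"""Find, and optionally delete, orphaned virtual MFA devices by name."""
from typing import Iterable

# Constructed sample in the shape of ListVirtualMFADevices -> VirtualMFADevices
SAMPLE_DEVICES = [
    # the orphan left behind by the failed enrolment in the question
    {"SerialNumber": "arn:aws:iam::123456789012:mfa/MFADeviceName"},
    # a different user's unfinished device: same account, different name
    {"SerialNumber": "arn:aws:iam::123456789012:mfa/alice-phone"},
    # an assigned device (carries a User key); must never be touched
    {"SerialNumber": "arn:aws:iam::123456789012:mfa/OtherUserDevice",
     "User": {"UserName": "bob"}},
]


def orphaned_serials(devices: Iterable[dict], device_name: str) -> list[str]:
    """Serial numbers of unassigned devices whose name (text after the last
    '/') equals device_name. Devices with a User key are assigned and skipped."""
    matches = []
    for device in devices:
        if "User" in device:
            continue
        serial = device.get("SerialNumber", "")
        if serial.rsplit("/", 1)[-1] == device_name:
            matches.append(serial)
    return matches


def list_unassigned(iam) -> list[dict]:
    """Collect every unassigned virtual MFA device, following pagination."""
    found = []
    for page in iam.get_paginator("list_virtual_mfa_devices").paginate(
            AssignmentStatus="Unassigned"):
        found.extend(page["VirtualMFADevices"])
    return found


def cleanup(iam, device_name: str, dry_run: bool = True) -> list[str]:
    """Return the serials that would be (or were) deleted; dry run by default."""
    serials = orphaned_serials(list_unassigned(iam), device_name)
    if not dry_run:
        for serial in serials:
            iam.delete_virtual_mfa_device(SerialNumber=serial)
    return serials


if __name__ == "__main__":
    import sys
    import boto3  # assumed available when run against a real account
    name = sys.argv[1] if len(sys.argv) > 1 else "MFADeviceName"
    print(cleanup(boto3.client("iam"), name, dry_run="--delete" not in sys.argv))
```

Run it first without `--delete` to see which serial numbers it would remove; the IAM delete call needs the `iam:DeleteVirtualMFADevice` permission that the question's user was lacking during the original enrolment attempt.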
