1 Answer
When the virtual MFA device registration isn't completed, the virtual device remains but is no longer associated with the user. It still blocks another MFA device from being registered with the same name.
You can work around the issue simply by giving the new MFA device a different name.
You can find the orphaned virtual MFA devices with this CLI command (https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/list-virtual-mfa-devices.html):
aws iam list-virtual-mfa-devices --assignment-status Unassigned
and if there are any, you can delete them with the command (https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/delete-virtual-mfa-device.html):
aws iam delete-virtual-mfa-device --serial-number arn:aws:iam::123456789012:mfa/MFADeviceName
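The two commands in the answer above can be combined into one cleanup step. This is an added example, not part of the original answer: the function names, the DRY_RUN variable and the device names used when testing it are assumptions, and it defaults to printing the delete command instead of running it.

```shell
#!/bin/sh
# Added example: function names and DRY_RUN are illustrative, not AWS-defined.

# Read serial numbers (ARNs) from stdin, one per line, and print only those
# whose device name (the part after ":mfa/") is exactly $1.
match_device_name() {
    name=$1
    while IFS= read -r serial; do
        case $serial in
            arn:aws:iam::*:mfa/"$name") printf '%s\n' "$serial" ;;
        esac
    done
}

# List unassigned virtual MFA devices, keep the ones named $1, delete them.
# DRY_RUN defaults to 1, which only prints the command that would be run.
delete_orphaned_mfa() {
    # --output text puts the serial numbers on one tab-separated line,
    # so split them onto separate lines before filtering.
    aws iam list-virtual-mfa-devices --assignment-status Unassigned \
        --query 'VirtualMFADevices[].SerialNumber' --output text |
    tr '\t' '\n' |
    match_device_name "$1" |
    while IFS= read -r serial; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'would run: aws iam delete-virtual-mfa-device --serial-number %s\n' "$serial"
        else
            aws iam delete-virtual-mfa-device --serial-number "$serial"
        fi
    done
}

# Usage: delete_orphaned_mfa MFADeviceName            (preview only)
#        DRY_RUN=0 delete_orphaned_mfa MFADeviceName  (actually delete)
```

Matching on the exact name keeps the cleanup limited to the device that blocks re-registration, so other users' pending registrations are left alone.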