No MFA device is assigned, still being requested to enter MFA Code

0

Hi,

One of our IAM users started getting MFA code entry screens on login, although no MFA device is configured in IAM/users/Security Credentials/Assigned MFA device.

What else do I need to check?

2 Answers
1

Is your account part of a cross-account setup or organisation? Could be configured for the AWS account?

AWS
answered 2 years ago
  • No other IAM user is requested to provide an MFA code. I have verified the roles and do not see an MFA setting there.

0

Hi rePost-User-1949278,

I remember I had a similar issue a while ago. It was like a "ghost" MFA configuration. I recommend installing the AWS CLI (step-by-step in case you need it) and "digging" the user information from the CLI. Here are some commands that might help:

aws iam list-mfa-devices --user-name $YOUR_USER

If the command above retrieves any information like the following structure:

{
    "MFADevices": [
        {
            "UserName": "YOUR_USER",
            "SerialNumber": "arn:aws:iam::$account-number:mfa/YOUR_USER",
            "EnableDate": "YYYY-MM-DDTHH:MIMSS"
        }
    ]
}

You may delete the MFA bound to the account with the aws iam delete-virtual-mfa-device --serial-number $VIRTUAL_DEVICE_ARN command.

I hope this helps.

Best regards, Gabriel Bartholomeu

AWS
answered 2 years ago
  • I tried this and interestingly the MFA device list was empty. I reset the password for this user and it doesn't ask for MFA code now. Maybe it was a temp bug on AWS for a brief time.
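An added example, not part of the original answers and not AWS code: it cross-checks the saved JSON output of `aws iam list-mfa-devices --user-name <user>` against `aws iam list-virtual-mfa-devices --assignment-status Any` to surface any MFA device still tied to a user, including one that was created but never enabled. The user names, account ID and the `find_mfa_traces` helper are constructed for illustration.

```python
import json

# Constructed sample: output of `aws iam list-mfa-devices --user-name alice`
MFA_DEVICES_ALICE = json.loads('{"MFADevices": []}')

# Constructed sample: output of
# `aws iam list-virtual-mfa-devices --assignment-status Any`
VIRTUAL_DEVICES = json.loads("""
{"VirtualMFADevices": [
  {"SerialNumber": "arn:aws:iam::111122223333:mfa/alice"},
  {"SerialNumber": "arn:aws:iam::111122223333:mfa/bob",
   "User": {"UserName": "bob",
            "Arn": "arn:aws:iam::111122223333:user/bob"},
   "EnableDate": "2023-01-10T09:00:00Z"}
]}
""")


def find_mfa_traces(user, mfa_devices, virtual_devices):
    """Return {serial_number: status} for every MFA device tied to `user`.

    status is "assigned" when IAM reports the device as enabled for the
    user, or "unassigned-name-match" when a virtual device exists with no
    owner and only its name links it to the user.
    """
    traces = {}
    # Devices enabled for the user (hardware or virtual).
    for dev in mfa_devices.get("MFADevices", []):
        if dev.get("UserName") == user:
            traces[dev["SerialNumber"]] = "assigned"
    # Account-wide virtual device list, assigned and unassigned.
    for dev in virtual_devices.get("VirtualMFADevices", []):
        serial = dev["SerialNumber"]
        owner = dev.get("User")
        if owner is not None and owner.get("UserName") == user:
            traces[serial] = "assigned"
        elif owner is None and serial.rsplit("/", 1)[-1] == user:
            # Created but never enabled for any user.
            traces[serial] = "unassigned-name-match"
    return traces


if __name__ == "__main__":
    for serial, status in find_mfa_traces(
            "alice", MFA_DEVICES_ALICE, VIRTUAL_DEVICES).items():
        print(f"{status:24} {serial}")
```

A device reported as `assigned` has to be deactivated with `aws iam deactivate-mfa-device` before `aws iam delete-virtual-mfa-device` will accept its serial number.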
