By using AWS re:Post, you agree to the Terms of Use

No MFA device is assigned, still being requested to enter MFA Code



one of our IAM users, started getting MFA Code entry screens on login, although no MFA device is configured in IAM/users/Security Credentials/Assigned MFA device.

What else do I need to check?

2 Answers

Is your account part of a cross acount setup or organisation. Could be configured for the aws account?

answered 15 days ago
  • No other IAM user is requested to provide an MFA code. I have verified the roles and do not see an MFA setting there.


Hi rePost-User-1949278,

I remember I had a similar issue a while ago. It was like a "ghost" MFA configuration. I recommend installing the AWS Cli (step-by-step in case you need it) and "digging" the user information from the CLI. Here are some commands that might help:

aws iam list-mfa-devices --user-name $YOUR_USER

If the command above retrieves any information like the following structure:

    "MFADevices": [
            "UserName": "YOUR_USER",
             "SerialNumber": "arn:aws:iam::$account-number:mfa/YOUR_USER",
              "EnableDate": "YYYY-MM-DDTHH:MIMSS"

You may delete the MFA bind to the the account with the aws iam delete-virtual-mfa-device --serial-number $VIRTUAL_DEVICE_ARN command.

I hope this helps.

Best regards, Gabriel Bartholomeu

answered 15 days ago
  • I tried this and interestingly the MFA device list was empty. I reset the password for this user and it doesn't ask for MFA code now. Maybe it was a temp bug on AWS for a brief time.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions