docs: explain how to use multiple MFA virtual devices for same account #39
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…files" to be able to use both Google Authenticator and Yubikey to provide TOTP.
|
If you have everything else set up correctly, but you have not added the vegas-credentials assume --verbose --profile=somerole@work-acc-2@y
ℹ️ Credentials: Role: =arn:aws:iam::2222222222222:role/somerole
🔧 Credentials: Cache: /Users/FrankSinatra/Library/Caches/vegas-credentials/session-cache
ℹ️ Credentials: Cache: Not found
🔧 Yubikey: OATH password cache: /Users/FrankSinatra/Library/Caches/vegas-credentials/yubikey-oath-access
🔧 Yubikey: Device Serial: 1234567890
🔧 Yubikey: OATH Account: Amazon Web Services:FrankSinatra@vegas-demo-account
ℹ️ Yubikey: device is available
🔒 Yubikey: OATH application is password protected
🔐 Yubikey: OATH password found from cache
🔑 MFA: Input Token (via CLI stdin / GUI prompt / Yubikey touch):
ℹ️ MFA: Token received via Yubikey touch
ℹ️ MFA: Token received: "123456"
ℹ️ MFA: Serial: arn:aws:iam::111111111111:mfa/FrankSinatra@virtual-yubikey-oath
panic: operation error STS: AssumeRole, exceeded maximum number of attempts, 3, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, exceeded maximum number of attempts, 3, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: connect: host is down
goroutine 1 [running]:
github.com/aripalo/vegas-credentials/internal/credentials.(*Credentials).New(0xc000330360, {0xc00044e6e0, 0x6})
/home/runner/work/vegas-credentials/vegas-credentials/internal/credentials/credentials.go:114 0x8f1
github.com/aripalo/vegas-credentials/internal/app.(*App).Assume(0xc0006b3d38, {{0x7ff7bfeff58d?, 0x0?}})
/home/runner/work/vegas-credentials/vegas-credentials/internal/app/assume.go:56 0x505
github.com/aripalo/vegas-credentials/cmd.glob..func3(0x1dfd900?, {0x181809b?, 0x2?, 0x2?})
/home/runner/work/vegas-credentials/vegas-credentials/cmd/assume.go:36 0xcc
github.com/spf13/cobra.(*Command).execute(0x1dfd900, {0xc000147540, 0x2, 0x2})
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:856 0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0x1dfdb80)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:974 0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
github.com/aripalo/vegas-credentials/cmd.Execute()
/home/runner/work/vegas-credentials/vegas-credentials/cmd/cmd.go:74 0x25
main.main()
/home/runner/work/vegas-credentials/vegas-credentials/main.go:25 0xba |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Explains how to set up multiple "credential profiles" and "role profiles" to be able to use both Google Authenticator and Yubikey to provide TOTP for the same AWS account assuming the same target role.
Fixes #38