ERROR - An error occured while calling assume role: An error occurred (AccessDenied)

[dom-guibegotti]

This is the second time I installed and using aws-mfa. For the first all worked great, now in this new setup I can't set my device. All the time I run:

aws-mfa --device arn:aws:iam::xxxxxxxxxxxxxx:user/xxxxxxxx

And then type the token I get:

INFO - Validating credentials for profile: default INFO - Short term credentials section default is missing, obtaining new credentials. Enter AWS MFA code for device [arn:aws:iam::xxxxxxxxxxxxxx:user/xxxxxxxx] (renewing for 43200 seconds):311772 INFO - Fetching Credentials - Profile: default, Duration: 43200 ERROR - An error occured while calling assume role: An error occurred (AccessDenied) when calling the GetSessionToken operation: MultiFactorAuthentication failed, unable to validate MFA code. Please verify your MFA serial number is valid and associated with this user

The device arn is okay, long term keys are okay, instalation is okay too. What's the problem here?

[dom-guibegotti]

After creating the issue I looked more closely to the device arn and changed the 'user' tag to 'mfa' and it worked. Sorry for the inconvenience.

[zhanwenchen]

If anyone else encounters this problem even without typos, it's probably because the server and your device are out of sync for whatever reason. I fixed it by repeatedly attempting to sign in to the web AWS Management Console. After two unsuccessful MFA codes, AWS will redirect you to a page where you type in two consecutive MFA codes on the same page. Then you should be able to do it on the command line with aws-mfa too.