The role obviously requires an MFA challenge for any operation that is not a sts get-caller-identity.
$ AWS_PROFILE=AdministratorAccessRole aws iam get-user --user-name christian \
| jq -re 'true'
Enter MFA code for arn:aws:iam::123456789:mfa/Christian:
true
~/Develop/github.com/christian-elsee/eks $ echo $?
0
When executing eksctl with a AWS_PROFILE that requires an MFA challenge, the challenge text is written to STDOUT. I am assuming its supposed to write to /dev/tty, but thats purely speculation.
Hello christian-elsee :wave: Thank you for opening an issue in eksctl project. The team will review the issue and aim to respond within 1-5 business days. Meanwhile, please read about the Contribution and Code of Conduct guidelines here. You can find out more information about eksctl on our website
Hi, I am executing
eksctl
within the context of an assumed role.The role obviously requires an MFA challenge for any operation that is not a
sts get-caller-identity
.When executing
eksctl
with aAWS_PROFILE
that requires an MFA challenge, the challenge text is written to STDOUT. I am assuming its supposed to write to /dev/tty, but thats purely speculation.Looking at the first two lines from
dist/plan.yaml
, we see the challenge text.Not a big deal, but you know, annoying. I like to use the payload generated from a
create cluster --dry-run
as a terraformish plan. Cheers