[Feature Request] Extend Credentials processing for MTurk to support MFA

facebookresearch / Mephisto

A suite of tools for managing crowdsourcing tasks from the inception through to data packaging for research use.

https://mephisto.ai/

MIT License

305 stars 77 forks source link

[Feature Request] Extend Credentials processing for MTurk to support MFA #808

Open dkaushik96 opened 2 years ago

dkaushik96 commented 2 years ago

My AWS account needs multi factor authentication and if I register my AWS IAM user through Mephisto to run MTurk tasks, then it does not recognize the permissions as the aws_session_code is missing.

AWS CLI allows me to get a session code: aws sts get-session-token --serial-number arn:aws:iam:: --token-code

and then export it to aws/credentials file but then there is a mismatch between that session code and Mephisto's requests. Can we add this feature?

JackUrb commented 2 years ago

Hi @dkaushik96 - this isn't something I have experience with. Do you have any visibility on what causes the "mismatch between that session code and Mephisto's requests." and if there's a clear way to incorporate an aws_session_code into a botocore-based session?

Would be happy to scope or add this functionality once I get a better idea what needs to be done.

dkaushik96 commented 2 years ago

Hey, sorry missed this. Here's a doc AWS provides: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sample-code.html