jeromegamez / terraform-aws-enforce-mfa

A terraform module to enforce MFA for AWS groups and users
https://registry.terraform.io/modules/jeromegamez/enforce-mfa
MIT License

Terraform access #3

Closed sojjan1337 closed 1 year ago

sojjan1337 commented 1 year ago

Hi!

After I add the enforceMFA, I don't have access with Terraform for adding or removing resources.

Error: reading IAM Group (MFAGroup): AccessDenied: User: arn:aws:iam::804545353:user/testuser is not authorized to perform: iam:GetGroup on resource: group MFAGroup with an explicit deny in an identity-based policy

How do I still enforce MFA for the user and also have programmatic access for creating and deleting resources?

jeromegamez commented 1 year ago

Hey there!

Yes, that's a challenge, but it is one that is out of the scope of this module.

Another, more popular module has a usage example using aws-vault:

https://registry.terraform.io/modules/terraform-module/enforce-mfa/aws/latest

I use aws-vault myself (although without MFA) and can say it's an invaluable helper.
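The aws-vault approach jeromegamez points to is one way to obtain MFA-backed session credentials. As an added example that is not part of this issue or of either module, here is the same idea done with the plain AWS CLI in POSIX sh: a session token requested from STS with an MFA code is exported before Terraform runs, so the explicit deny for non-MFA requests no longer matches. The MFA device ARN, account id and six-digit code are placeholders.

```shell
#!/bin/sh
# Added example (not from the module or the issue): get MFA-backed temporary
# credentials so Terraform runs with aws:MultiFactorAuthPresent=true, which is
# the condition MFA-enforcement policies typically key their explicit deny on.
# Assumes: the AWS CLI is configured with the user's long-lived access key;
# <ACCOUNT_ID> and <user> below are placeholders, not values from the issue.

# A TOTP code is exactly six digits; reject anything else before calling STS.
valid_token_code() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Turn the tab-separated "AccessKeyId SecretAccessKey SessionToken" line
# produced by mfa_session into export statements; fail on malformed input.
creds_to_exports() {
    printf '%s\n' "$1" | awk -F '\t' '
        NF != 3 { exit 1 }
        {
            printf "export AWS_ACCESS_KEY_ID=%s\n", $1
            printf "export AWS_SECRET_ACCESS_KEY=%s\n", $2
            printf "export AWS_SESSION_TOKEN=%s\n", $3
        }'
}

# Ask STS for a one-hour session bound to the MFA device. The returned keys
# are temporary, so nothing long-lived ends up in the shell environment.
mfa_session() {
    mfa_serial="$1"
    token_code="$2"
    valid_token_code "$token_code" || { echo "bad MFA code" >&2; return 1; }
    aws sts get-session-token \
        --serial-number "$mfa_serial" \
        --token-code "$token_code" \
        --duration-seconds 3600 \
        --query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' \
        --output text
}

# Refuse to run Terraform on long-lived keys: a session token must be present.
require_session_creds() {
    [ -n "${AWS_SESSION_TOKEN:-}" ]
}

# Usage (placeholders): replace <ACCOUNT_ID>/<user> and use the code from your device.
#   eval "$(mfa_session "arn:aws:iam::<ACCOUNT_ID>:mfa/<user>" 123456 | creds_to_exports)"
#   require_session_creds && terraform plan
```

Because the exported credentials expire with the session, a second `eval` with a fresh code is needed after an hour; aws-vault automates exactly this refresh step.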

jeromegamez commented 1 year ago

I'll close the issue now because I can't provide help in the scope of this module, but feel free to add further comments with your findings - they might help others with the same challenge who stumble upon this. 🤞🏻

sojjan1337 commented 1 year ago

Thanks for your reply!