search

serverless / serverless

⚡ Serverless Framework – Effortlessly build apps that auto-scale, incur zero costs when idle, and require minimal maintenance using AWS Lambda and other managed cloud services.
https://serverless.com
MIT License
46.5k stars 5.72k forks source link

sls deploy not waiting for MFA to be entered #11417

Open dandowd opened 2 years ago

dandowd commented 2 years ago

Are you certain it's a bug?

Is the issue caused by a plugin?

Are you using the latest v3 release?

Is there an existing issue for this?

Issue description

sls deploy does not wait for user input when MFA is required.

Steps to reproduce:

  1. Add a non-default entry to .aws/config
  2. Add export AWS_SDK_LOAD_PROFILE=1 to you shell rc file
  3. Add mfa_serial, role_arn, and source_profile to non-default entry
  4. Run AWS_PROFILE=profileName sls deploy

Below is an example aws config

[profile deploy]
mfa_serial = your_mfa_serial
role_arn = your_role_arn
source_profile = default

[default]
region = us-east-2

Service configuration (serverless.yml) content

service: aws-node-project

frameworkVersion: '3'

provider:
  name: aws
  region: us-east-2
  runtime: nodejs14.x

functions:
  hello:
    handler: handler.hello

Command name and used flags

AWS_PROFILE=deploy sls deploy

Command output

Command does not wait for user input at "Enter MFA code for ${mfaSerial}: "

Environment information

export AWS_SDK_LOAD_PROFILE=1
AWS_PROFILE=deploy 

Framework Core: 3.22.0
Plugin: 6.2.2
SDK: 4.3.2
medikoo commented 2 years ago

Please provide complete servelress.yml content and command output

wmegel commented 2 years ago

Hi,

I have the same type of issue when my aws profile uses an MFA device. Each time I try to enter a digit of the mfa code, it appears twice on the screen!! and as a result I have an error that tells me that the MFA code is invalid!

Profile configuration

[profile xxx]
role_arn=arn:aws:iam::XXXX:role/roleName
source_profile=default
mfa_serial=arn:aws:iam::XXX:mfa/iamUser

Environment information

Environment: darwin, node 14.17.0, framework 3.21.0 (local), plugin 6.2.2, SDK 4.3.2

Serverless conf

service: xxx
useDotenv: true

provider:
  name: aws
  runtime: nodejs14.x
  profile: ${env:AWS_PROFILE, self:custom.defaultProfile}
  stage: ${opt:stage, self:custom.defaultStage}
 ...

.env file

AWS_REGION=eu-west-1
AWS_PROFILE=xxx

Command output

> npx sls deploy

Deploying XXX to stage v1 (eu-west-1)
112233445566de for arn:aws:iam::XXX:mfa/iamUser: 

✖ Stack XXX failed to deploy (12s)
Environment: darwin, node 14.17.0, framework 3.21.0 (local), plugin 6.2.2, SDK 4.3.2
Credentials: Local, "xxx" profile
Docs:        docs.serverless.com
Support:     forum.serverless.com
Bugs:        github.com/serverless/serverless/issues

Error:
MultiFactorAuthentication failed with invalid MFA one time pass code.

I have entered the code 123456. As you can see each digit appears twice: 112233445566

escar commented 2 years ago

Same happens to me, it does not wait for MFA to be entered, it continues instead, throwing this error after:

Profile XXX requires multi-factor authentication, but no MFA code callback was provided.