unbounce / iidy

iidy (Is it done yet?) -- CloudFormation with Confidence
MIT License
52 stars, 7 forks

MFA requirements on IAM role trust policies are not supported by iidy #112

Closed scottbrown closed 6 years ago

scottbrown commented 6 years ago

iidy does not support the functionality of MFA requirements on role assumptions (--profile in AWS CLI parlance). This is used to enforce role-assumption constraints when working with escalated IAM role privileges or working in a multi-account structure.

iidy ... --profile other-account

will return an STS assume role error.

tavisrudd commented 6 years ago

Related issue upstream: https://github.com/aws/aws-sdk-js/issues/1543

tavisrudd commented 6 years ago

There's some code on another issue that points at a way to resolve the issue with a call to aws.SharedIniFileCredentials followed by aws.TemporaryCredentials https://github.com/aws/aws-sdk-js/issues/1064

tavisrudd commented 6 years ago

I'm working on a fix for this. We'll also need to cover AssumeRoleArn, in which case the mfa serial number will need passing in as it won't be in ~/.aws/credentials.

tavisrudd commented 6 years ago

James and I came up with a solution in #119.

tavisrudd commented 6 years ago

#119 has been merged, so we can test it out with MFA on developer laptops after cutting a new release.

jpb commented 6 years ago

Another solution is to have the SDK prompt the user for the MFA token as per https://github.com/aws/aws-sdk-js/pull/2126

tavisrudd commented 6 years ago

This is resolved.