I am trying to use AssumeRole for my account. It is already set up but has MFA enabled, so I need a way to send a token without having the user enter it every time.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::123456789324:user/[email protected]"
                },
                "Action": "sts:AssumeRole",
                "Condition": {
                    "Bool": {
                        "aws:MultiFactorAuthPresent": "true"
                    }
                }
            }
        ]
    }

So how can I pass in the MFA token when making a call for AssumeRole?
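
    using Amazon.SecurityToken;
    using Amazon.SecurityToken.Model;

    // Uses the caller's long-term credentials from the default credential chain.
    var client = new AmazonSecurityTokenServiceClient();
    string token = Console.ReadLine(); //--> Get from Authenticator App of your choice
    // roleArn is defined elsewhere: the ARN of the role whose trust policy is shown above.
    AssumeRoleRequest request = new()
    {
        RoleSessionName = "TestSesion",
        RoleArn = roleArn,
        DurationSeconds = 1600,
        TokenCode = token,
        SerialNumber = "arn:aws:iam::123456789324:user/[email protected]"
    };
    var assumeRoleResponse = await client.AssumeRoleAsync(request);
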
The SerialNumber is fixed, but for the token, how can this be set without the user having to put it in? When running an application in production, is there a way to trust the initial user assuming the new role?
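
An added example, not part of the original post: one way to reduce the prompt to once per session instead of once per AssumeRole call. It exchanges a single MFA code for temporary credentials with GetSessionToken and signs later AssumeRole calls with them, so the `aws:MultiFactorAuthPresent` condition in the trust policy above is met without a new code. The `MfaSessionCache` class, the `promptForCode` delegate and the parameter values are assumptions made for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Amazon.Runtime;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

// Hypothetical helper (not part of the AWS SDK): asks for one MFA code, then
// reuses the MFA-authenticated session for later AssumeRole calls.
public sealed class MfaSessionCache
{
    private readonly string _mfaSerial;            // serial number / ARN of the user's MFA device
    private readonly Func<string> _promptForCode;  // invoked only when the session has expired
    private readonly int _sessionSeconds;          // GetSessionToken accepts 900..129600 for IAM users
    private SessionAWSCredentials _session;
    private DateTime _expiresUtc = DateTime.MinValue;

    public MfaSessionCache(string mfaSerial, Func<string> promptForCode, int sessionSeconds = 43200)
        => (_mfaSerial, _promptForCode, _sessionSeconds) = (mfaSerial, promptForCode, sessionSeconds);

    private async Task<SessionAWSCredentials> GetMfaSessionAsync()
    {
        // Refresh five minutes early so a role call never starts on an expiring session.
        if (_session != null && DateTime.UtcNow < _expiresUtc.AddMinutes(-5))
            return _session;
        // Long-term user credentials come from the default credential chain.
        using var sts = new AmazonSecurityTokenServiceClient();
        var resp = await sts.GetSessionTokenAsync(new GetSessionTokenRequest
        {
            SerialNumber = _mfaSerial,
            TokenCode = _promptForCode(),
            DurationSeconds = _sessionSeconds
        });
        var c = resp.Credentials;
        _session = new SessionAWSCredentials(c.AccessKeyId, c.SecretAccessKey, c.SessionToken);
        _expiresUtc = DateTime.UtcNow.AddSeconds(_sessionSeconds);
        return _session;
    }

    public async Task<Credentials> AssumeRoleAsync(string roleArn, string sessionName)
    {
        // No TokenCode here: the session credentials already carry the MFA context
        // that the aws:MultiFactorAuthPresent condition tests.
        using var sts = new AmazonSecurityTokenServiceClient(await GetMfaSessionAsync());
        var resp = await sts.AssumeRoleAsync(new AssumeRoleRequest
        {
            RoleArn = roleArn, RoleSessionName = sessionName, DurationSeconds = 1600
        });
        return resp.Credentials;
    }
}
```

The cached session is a bearer credential for as long as it is valid, so this sketch keeps it in process memory only; a shorter `sessionSeconds` narrows the window in which a leaked session satisfies the MFA condition.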