Unable to authenticate using AWS Account with MFA enabled


I'm trying to authenticate to an AWS account that has MFA enabled, but I'm not able to do so because it's throwing an error. Also, I'm not finding any examples or clear documentation for doing this.

I'm following the example mentioned in the official docs.

// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX - License - Identifier: Apache - 2.0
// snippet-start:[sts.go-v2.AssumeRole]
package main

import (
    "context"
    "fmt"

    "github.com/aws/aws-sdk-go-v2/config"
    "github.com/aws/aws-sdk-go-v2/service/sts"
)

// STSAssumeRoleAPI defines the interface for the AssumeRole function.
// We use this interface to test the function using a mocked service.
type STSAssumeRoleAPI interface {
    AssumeRole(ctx context.Context,
        params *sts.AssumeRoleInput,
        optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error)
}

// TakeRole gets temporary security credentials to access resources.
// Inputs:
//
//  c is the context of the method call, which includes the AWS Region.
//  api is the interface that defines the method call.
//  input defines the input arguments to the service call.
//
// Output:
//
//  If successful, an AssumeRoleOutput object containing the result of the service call and nil.
//  Otherwise, nil and an error from the call to AssumeRole.
func TakeRole(c context.Context, api STSAssumeRoleAPI, input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
    return api.AssumeRole(c, input)
}

func main() {
    roleARN := "arn:aws:iam::<AccountId>:role/<RoleName>"
    sessionName := "<SessionName>"
    serialNumber := "arn:aws:iam::<AccountId>:mfa/<DeviceName>"

    cfg, err := config.LoadDefaultConfig(context.TODO())
    if err != nil {
        panic("configuration error, " + err.Error())
    }

    client := sts.NewFromConfig(cfg)

    input := &sts.AssumeRoleInput{
        RoleArn:         &roleARN,
        RoleSessionName: &sessionName,
        SerialNumber:    &serialNumber,
        DurationSeconds: &[]int32{3600}[0],
        TokenCode:       &[]string{"<MFA Code>"}[0],
    }

    result, err := TakeRole(context.TODO(), client, input)
    if err != nil {
        fmt.Println("Got an error assuming the role:")
        fmt.Println(err)
        return
    }

    fmt.Println(result.AssumedRoleUser)
}

// snippet-end:[sts.go-v2.AssumeRole]

But I'm not able to authenticate, and I always get the error below despite passing the MFA code.

Got an error assuming the role:
operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: d93830fb-f92e-4cdb-806f-cfdf116a6cef, api error InvalidClientTokenId: The security token included in the request is invalid.

I tried to authenticate to the AWS account (which has MFA enabled, using the Go SDK v2), but I'm unable to do so. It always throws this error, and the documentation isn't quite proper as well.

panic: failed to assume role, operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: 167f2d24-e6b4-4227-8470-97b39c7e3abd, api error InvalidClientTokenId: The security token included in the request is invalid.

goroutine 1 [running]:

However, I'm able to do the same with the Python SDK (Boto3) for AWS.


There are 0 answers
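An added example, not part of the original question and not AWS's code: `InvalidClientTokenId` refers to the access key and session token that sign the `AssumeRole` request, not to the `SerialNumber` or `TokenCode` fields, so a first check is which static keys `config.LoadDefaultConfig` will pick up from the environment, the first source in its default chain. The `Creds` type and the `FromEnv` and `Check` helpers are hypothetical names; the checks are a local heuristic based on the `AKIA` (long-term) and `ASIA` (temporary) access key prefixes and make no call to AWS.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Creds holds the static keys that would sign the AssumeRole request.
type Creds struct{ AccessKeyID, SecretKey, SessionToken string }

// FromEnv reads the environment variables the SDK's default chain checks first.
// ok is false when no complete key pair is set, in which case the SDK falls
// through to the shared config and credentials files instead.
func FromEnv(get func(string) string) (c Creds, ok bool) {
	c = Creds{get("AWS_ACCESS_KEY_ID"), get("AWS_SECRET_ACCESS_KEY"), get("AWS_SESSION_TOKEN")}
	return c, c.AccessKeyID != "" && c.SecretKey != ""
}

// Check reports key/token mismatches that make STS reject the request signer,
// independent of the MFA fields in AssumeRoleInput.
func Check(c Creds) []string {
	var findings []string
	switch {
	case strings.HasPrefix(c.AccessKeyID, "ASIA"):
		if c.SessionToken == "" {
			findings = append(findings, "temporary key (ASIA) without AWS_SESSION_TOKEN")
		}
	case strings.HasPrefix(c.AccessKeyID, "AKIA"):
		if c.SessionToken != "" {
			findings = append(findings, "long-term key (AKIA) sent with a leftover AWS_SESSION_TOKEN")
		}
	default:
		findings = append(findings, "access key ID does not start with AKIA or ASIA")
	}
	return findings
}

func main() {
	c, ok := FromEnv(os.Getenv)
	if !ok {
		fmt.Println("no key pair in the environment; check the shared credentials file and AWS_PROFILE")
		return
	}
	fmt.Printf("signing with environment keys, session token set: %t\n", c.SessionToken != "")
	for _, f := range Check(c) {
		fmt.Println("finding:", f)
	}
}
```

If this reports no findings, calling `sts:GetCallerIdentity` with the same configuration confirms whether the resolved keys are valid at all before MFA enters the picture.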