aws sts get-session-token
Jump to navigation
Jump to search
aws sts get-session-token Ref returns a set of temporary credentials for an:
Not valid for AWS IAM Identity Center users
aws sts get-session-token --profile "$1" --serial-number "$2" --token-code $MFA_CODE
- Duration: 12 hours (43,200 seconds) as the default. Valid range: 15 minutes to 36 hours (129,600 seconds).
Examples[edit]
aws sts get-session-token --serial-number <mfa_device> --token-code <token>aws sts get-session-token --serial-number arn:aws:iam::62405745487395:mfa/yourname --token-code 123456aws sts get-session-token --serial-number arn:aws:iam::62405745487395:mfa/yourname --duration-seconds 129600 --token-code 123456aws sts get-session-token --serial-number arn:aws:iam::62405745487395:mfa/yourname --duration-seconds 129600 --token-code 123456 --output text
Synopsys[edit]
get-session-token [--duration-seconds <value>] [--serial-number <value>] [--token-code <value>] [--cli-input-json <value>] [--generate-cli-skeleton <value>]
Example[edit]
aws sts get-session-token \
--duration-seconds 900 \
--serial-number "arn:aws:iam::62405745487395:mfa/yourname" \
--token-code 123456
{
"Credentials": {
"AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
"SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
"SessionToken": "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE",
"Expiration": "2020-05-19T18:06:10+00:00"
}
}
Errors[edit]
An error occurred (AccessDenied) when calling the GetSessionToken operation: MultiFactorAuthentication failed, unable to validate MFA code. Please verify your MFA serial number is valid and associated with this user.
Solution: make sure you are using a mfa ARN, arn:aws:iam::62405745487395:mfa/yourname
An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials Solution: make sure to add your generated credentials including AWS_SESSION_TOKEN to your credentials file
An error occurred (AccessDenied) when calling the GetSessionToken operation: MultiFactorAuthentication failed, must provide both MFA serial number and one time pass code.
An error occurred (ExpiredToken) when calling the XXX operation: The provided token has expired.
An error occurred (InvalidClientTokenId) when calling the GetSessionToken operation: The security token included in the request is invalid
An error occurred (ExpiredToken) when calling the GetSessionToken operation: The security token included in the request is expired
An error occurred (AccessDenied) when calling the GetSessionToken operation: Cannot call GetSessionToken with session credentials
Related terms[edit]
Activities[edit]
See also[edit]
Advertising:
