Explore Courses Blog Tutorials Interview Questions
0 votes
in AWS by (5.6k points)

 I am trying to retrieve session token on the AWS CLI like:

aws sts get-session-token --serial-number arn-string --token-code mfacode


* arn-string is copied from the IAM management console, security credentials for the assigned MFA device,format like "arn:aws:iam:<number>:mfa/<name>"

* "mfacode" is taken from the registered virtual MFA device


An error occurred (InvalidClientTokenId) when calling the GetSessionToken operation: The security token included in the request is invalid.

However, I use that MFA device to log in to the console in the browser, I have only a default profile in my ~/.aws/, but I don't see how this would have any influence.

1 Answer

0 votes
by (12.4k points)

The profile used must have the "mfa_serial" entry. In my case added the "arn-string" for the MFA-device to my local default profile in "~/.aws/config" like so:


region = eu-central-1

mfa_serial = arn:aws:iam:<number>:mfa/<name>

This string can be found in the console, IAM service under the user, security credentials.

Do Check out the AWS Certification Course offered by Intellipaat.

Related questions

0 votes
1 answer

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

0 votes
1 answer
asked Dec 19, 2020 in AWS by devin (5.6k points)
0 votes
1 answer

Browse Categories