AWSSecretsManagerConfigurationExtensions icon indicating copy to clipboard operation
AWSSecretsManagerConfigurationExtensions copied to clipboard

Published 20 hours ago verified publisher icon Kralizek

Accessing secrets when MFA is enabled

Open divekarvinit opened this issue 1 year ago • 1 comments

Hello,

Version: 1.7.0 App: .Net 6 Web API

I am unable to use the extension when I have an MFA enabled.

I use the CredentialProfileStoreChain to get AWS credential the following wasy as shown in an example.

var chain = new Amazon.Runtime.CredentialManagement.CredentialProfileStoreChain();
_ = chain.TryGetProfile("nzp", out var prof);
var credentials = prof.GetAWSCredentials(prof.CredentialProfileStore);
builder.Configuration.AddSecretsManager(credentials: credentials, region:prof.Region, configurator: config =>
{
    config.KeyGenerator = (_, name) => name
        .Replace("__", ":");
});

I have a profile setup the following way. .aws\config file

[default]

output = json

region = ap-southeast-2


[profile nzp]

source_profile = default

role_arn = arn:aws:iam::<account_id>:role/<role_name>

mfa_serial = arn:aws:iam::<account_id>:mfa/<user_id>

region = ap-southeast-2

I get following exception when secret manager is added. Error calling AssumeRole for role arn:aws:iam::<account_id>:role/<role_name>

With inner exception as: The MfaSerialNumber has been set but the MfaTokenCodeCallback hasn't. MfaTokenCodeCallback is required in order to determine the MfaTokenCode when MfaSerialNumber is set.

I tried following an example of getting an MFA. But unfortunately cannot use Console in Web API project.

divekarvinit avatar Mar 15 '23 21:03 divekarvinit

Hi, sorry for the late answer.

I've never tested the library when MFA is enabled.

Could you please explain your use case?

Kralizek avatar Apr 03 '23 16:04 Kralizek