le-tf-infra-aws
Documentation regarding MFA creation using base_identities, clarify MFA name
What?
In the documentation, regarding the MFA creation we have these lines:
Proceed to enable a virtual MFA device for your user, and generate programmatic keys for it. Make sure to keep these keys in a safe location.
It should be clarified that the user name has to be used in order to be able to create the MFA. E.g.:
Proceed to enable a virtual MFA device for your user (name it after your username), and generate programmatic keys for it. Make sure to keep these keys in a safe location.
Why?
Based on the self-management policy created by the base_identities layer, we have the iam:CreateVirtualMFADevice but the resource is limited to arn:aws:iam::${var.accounts[var.environment].id}:mfa/$${aws:username}.
This means the mfa should be named the same as the username.
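The restriction described in this issue, as an added example that is not part of the original issue or the project's code: a simplified model of how the Resource ARN containing ${aws:username} is resolved for the calling user and compared with the ARN of the virtual MFA device being created. The account id, user names and function names are constructed for illustration, and the model covers only this one statement, not full IAM policy evaluation.

```python
import re

# Constructed placeholder; Terraform fills this in from
# var.accounts[var.environment].id when it renders the policy.
ACCOUNT_ID = "111111111111"

# Rendered Resource: Terraform's "$${aws:username}" escape becomes the literal
# IAM policy variable "${aws:username}" in the policy document.
RESOURCE = f"arn:aws:iam::{ACCOUNT_ID}:mfa/${{aws:username}}"


def resolve_policy_variables(resource: str, context: dict) -> str:
    """Replace ${key} policy variables with values from the request context."""
    def lookup(match: re.Match) -> str:
        return context[match.group(1)]  # KeyError if the key is absent
    return re.sub(r"\$\{([^}]+)\}", lookup, resource)


def arn_matches(pattern: str, arn: str) -> bool:
    """Match an ARN against a pattern where * and ? are the only wildcards."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, arn) is not None


def can_create_virtual_mfa(username: str, device_name: str) -> bool:
    """True if the modelled statement covers creating device_name as username."""
    requested = f"arn:aws:iam::{ACCOUNT_ID}:mfa/{device_name}"
    try:
        allowed = resolve_policy_variables(RESOURCE, {"aws:username": username})
    except KeyError:
        return False  # an unresolved variable means the statement cannot match
    return arn_matches(allowed, requested)


if __name__ == "__main__":
    # Constructed sample requests for a user called "jane.doe".
    for name in ("jane.doe", "my-phone", "jane.doe-backup"):
        verdict = "allowed" if can_create_virtual_mfa("jane.doe", name) else "not covered"
        print(f"mfa/{name}: {verdict}")
```
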