device serial number #144
How do I obtain the serial number of the virtual device? This is required when associating a device with an MFA, e.g. in AWS. I'm trying to do this via Terraform - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_virtual_mfa_device where e.g.

```
> totp-cli add-token default user
>> $TOKEN
> totp-cli generate --follow default user
>> 123456
>> 234567
> aws iam enable-mfa-device --user-name user --authentication-code-1 123456 --authentication-code-2 234567 --serial-number ?????HELP-HELP?????
```

I didn't think $TOKEN would work for serial number, but tried it anyway.. invalid. I also tried to use the password when creating the totp-cli token store, also no joy. I believe the serial number should be controlled by totp-cli, but I am not entirely certain how to obtain it. Please advise, thank you :)
Some more context if anyone else can lend a hand..

```
resource "aws_iam_user" "default" {
  name = "user"
}
resource "aws_iam_virtual_mfa_device" "default" {
  virtual_mfa_device_name = "totp"
}
```

```
> tofu output aws_iam_virtual_mfa_device.default
# aws_iam_virtual_mfa_device.default:
resource "aws_iam_virtual_mfa_device" "default" {
    arn                     = "arn:xxx:iam::xxx:mfa/totp"
    base_32_string_seed     = "65-character-32-base-encoded-token-string"
    id                      = "arn:xxx:iam::xxx:mfa/totp"
    path                    = "/"
    virtual_mfa_device_name = "totp"
}
```

After doing the
Solved - https://docs.aws.amazon.com/IAM/latest/APIReference/API_VirtualMFADevice.html && https://github.com/hashicorp/terraform-provider-aws/blob/8a190d445a23d0624fbb47afba1be2c5045022c8/internal/service/iam/virtual_mfa_device.go#L114

The SerialNumber was actually part of the VirtualMFADevice... hiding as the terraform resource id ugh, sorry for the noise. It now works :-) I was able to create the virtual mfa device in IAM, backed by totp-cli, and just waiting to see if it will satisfy IAM.19 (https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-19) for SecurityHub
SecurityHub CSPM IAM.19 is satisfied by this solution! :) Thank you TOTP-CLI :) :) :) Near fully-automated solution. Thx
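The step the thread resolves, as an added example that is not part of the original posts, totp-cli or the Terraform provider: the device ARN (the Terraform resource `id`) goes in `--serial-number`, and the two authentication codes are consecutive TOTP values derived from `base_32_string_seed`. It assumes the RFC 6238 defaults (HMAC-SHA1, 6 digits, 30-second step); `SAMPLE_DEVICE`, the account id and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample standing in for the Terraform resource attributes;
# the seed is the RFC 4226 test key, the account id is made up.
SAMPLE_DEVICE = {
    "arn": "arn:aws:iam::123456789012:mfa/totp",
    "base_32_string_seed": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
}

def decode_seed(seed_b32):
    """Decode a base32 seed, restoring '=' padding that is often stripped."""
    s = seed_b32.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def consecutive_codes(seed_b32, now=None, step=30):
    """Codes for the current and the next time step (RFC 6238)."""
    key = decode_seed(seed_b32)
    counter = int(time.time() if now is None else now) // step
    return hotp(key, counter), hotp(key, counter + 1)

def enable_mfa_argv(user_name, device, now=None):
    """Build the CLI call; the serial number is the device ARN."""
    code1, code2 = consecutive_codes(device["base_32_string_seed"], now)
    return [
        "aws", "iam", "enable-mfa-device",
        "--user-name", user_name,
        "--serial-number", device["arn"],
        "--authentication-code-1", code1,
        "--authentication-code-2", code2,
    ]

if __name__ == "__main__":
    print(" ".join(enable_mfa_argv("user", SAMPLE_DEVICE, now=59)))
```

The seed is the long-term MFA secret and is stored in the Terraform state alongside the ARN, so the state backend needs the same protection as the totp-cli token store.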