Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.4.0
-
None
-
None
Description
Hello all,
Use case: Account A has MFA enabled and wants to assume role to upload in s3 bucket of Account B. The Role is configured to allow users ONLY with MFA enabled.
Conclusion: STS Api is used to retrieve temporary credentials. One way is with .assumeRole() method and the other is with .createTemporaryCredentials() where you can use MFA device number. However, they cannot be used together! We cannot .assumeRole() with information about the role arn, external id and MFA device number.
I referred also to "STSApiExpectTest.java".
Best Regards,
Blago