If 2FA is enabled on your AWS account, in order to use aws
cli command from terminal you need to get the fresh credentials. First get the arn:
aws iam list-mfa-devices --user-name meandmyself
Then get the creds:
aws sts get-session-token --serial-number arn-of-the-mfa-device --token-code code-from-token
The arn-of-the-mfa-device is from the first command and code-from-token is just the 6-digit code from your 2FA app on your phone or somewhere.
Then copy paste all of the fields in ~/.aws/credentials file.
Example:
antisa@antisa-XPS-13-9310:~$ aws iam list-mfa-devices { "MFADevices": [ { "UserName": "ante", "SerialNumber": "arn:aws:iam::xxxxxxxxxxxx:mfa/meandmyself", "EnableDate": "2024-05-09T11:50:38+00:00" } ] } antisa@antisa-XPS-13-9310:~$ aws sts get-session-token --serial-number arn:aws:iam::xxxxxxxxxx:mfa/meandmyself --token-code 123456 { "Credentials": { "AccessKeyId": "ASxxxxxxxxxxxx", "SecretAccessKey": "wBxxxxxxxxxxxxxxxxxxxxxxxx", "SessionToken": "IQoJb3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "Expiration": "2024-10-16T23:56:17+00:00" } }
The format in ~/.aws/credentials should be like:
[myprofile] aws_access_key_id = xxxxxxxxxxxxxxxxxxx aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx aws_session_token = IQoxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx