AWS CLI with 2FA
If 2FA is enabled on your AWS account, you need fresh temporary credentials before you can use the aws CLI from a terminal. First get the ARN of your MFA device:
aws iam list-mfa-devices --user-name meandmyself
Then get the creds:
aws sts get-session-token --serial-number arn-of-the-mfa-device --token-code code-from-token
arn-of-the-mfa-device is the SerialNumber returned by the first command, and code-from-token is the 6-digit code from the 2FA app on your phone or elsewhere.
Then copy all of the fields into your ~/.aws/credentials file.
Example:
antisa@antisa-XPS-13-9310:~$ aws iam list-mfa-devices
{
    "MFADevices": [
        {
            "UserName": "ante",
            "SerialNumber": "arn:aws:iam::xxxxxxxxxxxx:mfa/meandmyself",
            "EnableDate": "2024-05-09T11:50:38+00:00"
        }
    ]
}
antisa@antisa-XPS-13-9310:~$ aws sts get-session-token --serial-number arn:aws:iam::xxxxxxxxxx:mfa/meandmyself --token-code 123456
{
    "Credentials": {
        "AccessKeyId": "ASxxxxxxxxxxxx",
        "SecretAccessKey": "wBxxxxxxxxxxxxxxxxxxxxxxxx",
        "SessionToken": "IQoJb3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "Expiration": "2024-10-16T23:56:17+00:00"
    }
}
The format in ~/.aws/credentials should be like:
[myprofile]
aws_access_key_id = xxxxxxxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
aws_session_token = IQoxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
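The copy-and-paste step can be scripted so that an expired [myprofile] section is replaced instead of duplicated and the file stays readable only by its owner. This is an added example, not part of the original page; the function names write_profile and refresh_mfa_session are made up here, and it assumes your long-term keys live in the default profile while the session credentials go to [myprofile].

```shell
#!/bin/sh
# Added example (not from the original page): refresh MFA session credentials.
# Assumption: long-term keys are in [default]; session keys go to [myprofile].

# write_profile FILE PROFILE ACCESS_KEY SECRET_KEY SESSION_TOKEN
# Replaces (or appends) one [PROFILE] section and leaves other sections alone.
write_profile() (
  umask 077                       # anything created here is owner-only
  file=$1 profile=$2
  mkdir -p "$(dirname "$file")" && touch "$file" || exit 1
  tmp=$(mktemp "$file.XXXXXX") || exit 1
  # Copy every line except those inside the section being replaced.
  awk -v want="[$profile]" '
    /^\[.*\]$/ { skip = ($0 == want) }
    !skip' "$file" > "$tmp" || exit 1
  # printf is a shell builtin, so the secrets never appear in a process argv.
  printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n' \
    "$profile" "$3" "$4" "$5" >> "$tmp" || exit 1
  mv "$tmp" "$file"               # swap in the new file in one step
)

# refresh_mfa_session ARN-OF-THE-MFA-DEVICE CODE-FROM-TOKEN [PROFILE]
# Calls STS with the default profile and stores the result under PROFILE.
refresh_mfa_session() (
  profile=${3:-myprofile}
  out=$(aws sts get-session-token \
          --serial-number "$1" --token-code "$2" \
          --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
          --output text) || exit 1
  set -f                          # no globbing while splitting the three fields
  set -- $out
  [ $# -eq 3 ] || { echo "unexpected STS output" >&2; exit 1; }
  write_profile "${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}" \
    "$profile" "$1" "$2" "$3"
)

# Usage, once the Expiration time from get-session-token has passed:
#   refresh_mfa_session arn-of-the-mfa-device code-from-token
#   aws --profile myprofile s3 ls
```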
Tested on
- aws-cli/2.12.5 Python/3.11.4 Linux/6.8.0-45-generic exe/x86_64.ubuntu.22 prompt/off
wiki/aws_cli_2fa.1729081101.txt.gz · Last modified: 2024/10/16 14:18 by antisa