DEV Community

Taylor Brazelton
Taylor Brazelton

Posted on • Edited on

1

AWS Vault and MFA Setup on my Mac

Recently, I decided to secure my local machine by downloading and using AWS Vault. To my surprise, setting up MFA with Vault required a step or two more that I wasn't expecting. Here are my findings/steps.

First, I used homebrew to install aws-vault.

brew cask install aws-vault
Enter fullscreen mode Exit fullscreen mode

Then I added my profile and followed the instructions which had me provide my Access ID and Secret.

aws-vault add taylor
Enter fullscreen mode Exit fullscreen mode

Then I tried to list out the S3 buckets via:

aws-vault exec taylor -- aws s3 ls
Enter fullscreen mode Exit fullscreen mode

This resulted in the following error.

An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
Enter fullscreen mode Exit fullscreen mode

So I opened up my AWS config file in Visual Studio Code.

code ~/.aws/config
Enter fullscreen mode Exit fullscreen mode

Doing so lead me to see that my profile didn't have a mfa_serial variable defined. I found my key in IAM under my own user's Security Credentials tab and added it to the file.

Now, my config file had the following in it:

[profile taylor]
mfa_serial=arn:aws:iam::XXXXXXXXXX:mfa/taylor
Enter fullscreen mode Exit fullscreen mode

And when I performed my s3 listing again, it worked.

Image of Datadog

The Essential Toolkit for Front-end Developers

Take a user-centric approach to front-end monitoring that evolves alongside increasingly complex frameworks and single-page applications.

Get The Kit

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more