- Navigation GuideYou are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.
EnableMFADeviceCommand
Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is required for every subsequent login by the IAM user associated with the device.
Example Syntax
Use a bare-bones client and the command you need to make an API call.
import { IAMClient, EnableMFADeviceCommand } from "@aws-sdk/client-iam"; // ES Modules import
// const { IAMClient, EnableMFADeviceCommand } = require("@aws-sdk/client-iam"); // CommonJS import
const client = new IAMClient(config);
const input = { // EnableMFADeviceRequest
UserName: "STRING_VALUE", // required
SerialNumber: "STRING_VALUE", // required
AuthenticationCode1: "STRING_VALUE", // required
AuthenticationCode2: "STRING_VALUE", // required
};
const command = new EnableMFADeviceCommand(input);
const response = await client.send(command);
// {};
EnableMFADeviceCommand Input
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
AuthenticationCode1Required | string | undefined | An authentication code emitted by the device. The format for this parameter is a string of six digits. Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device . |
AuthenticationCode2Required | string | undefined | A subsequent authentication code emitted by the device. The format for this parameter is a string of six digits. Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device . |
SerialNumberRequired | string | undefined | The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. This parameter allows (through its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.:/- |
UserNameRequired | string | undefined | The name of the IAM user for whom you want to enable the MFA device. This parameter allows (through its regex pattern ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.- |
EnableMFADeviceCommand Output
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
$metadataRequired | ResponseMetadata | Metadata pertaining to this request. |
Throws
Name | Fault | Details |
|---|
Name | Fault | Details |
|---|---|---|
| ConcurrentModificationException | client | The request was rejected because multiple requests to change this object were submitted simultaneously. Wait a few minutes and submit your request again. |
| EntityAlreadyExistsException | client | The request was rejected because it attempted to create a resource that already exists. |
| EntityTemporarilyUnmodifiableException | client | The request was rejected because it referenced an entity that is temporarily unmodifiable, such as a user name that was deleted and then recreated. The error indicates that the request is likely to succeed if you try again after waiting several minutes. The error message describes the entity. |
| InvalidAuthenticationCodeException | client | The request was rejected because the authentication code was not recognized. The error message describes the specific error. |
| LimitExceededException | client | The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded. |
| NoSuchEntityException | client | The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource. |
| ServiceFailureException | server | The request processing has failed because of an unknown error, exception or failure. |
| IAMServiceException | Base exception class for all service exceptions from IAM service. |