login mfa-token-sign - AWS CloudHSM

login mfa-token-sign

Use the login mfa-token-sign command in AWS CloudHSM CloudHSM CLI log in using multifactor authentication. To use this command, you must first set up MFA for CloudHSM CLI.

User type

The following users can run these commands.

  • Admin

  • Crypto user (CU)


aws-cloudhsm > help login mfa-token-sign Login with token-sign mfa USAGE: login --username <USERNAME> --role <ROLE> mfa-token-sign --token <TOKEN> OPTIONS: --cluster-id <CLUSTER_ID> Unique Id to choose which of the clusters in the config file to run the operation against. If not provided, will fall back to the value provided when interactive mode was started, or error --token <TOKEN> Filepath where the unsigned token file will be written -h, --help Print help


aws-cloudhsm > login --username test_user --role admin mfa-token-sign --token /home/valid.token Enter password: Enter signed token file path (press enter if same as the unsigned token file): { "error_code": 0, "data": { "username": "test_user", "role": "admin" } }



The ID of the cluster to run this operation on.

Required: If multiple clusters have been configured.


Filepath where the unsigned token file will be written.

Required: Yes

Related topics