mfa_serial - AWS SDKs and Tools


Specifies the identification or serial number of an multi-factor authentication (MFA) device that the user must use when assuming a role.


This setting is required only when the profile specifies to assume a role and the trust policy for that role includes a condition that requires MFA authentication.

Default value: None. This value must be explicitly set.

Valid values: The value can be either a serial number for a hardware device (such as GAHT12345678), or an Amazon Resource Name (ARN) for a virtual MFA device. For more information about MFA, see Configuring MFA-Protected API Access in the IAM User Guide.

Ways to set this value

Location Supported Example
config file Yes
mfa_serial = arn:aws:iam::123456789012:mfa/my-user-name
credentials file -
Environment variable -
AWS CLI parameter -

Compatibility with AWS SDKS and tools