4/10/2023 0 Comments Aws yubikeyOperating System and version: macOS 13.2.Was hoping 'gimme-aws-creds' would.) Your Environment Making life easier with Yubikeys and the AWS CLI If you’re working with Amazon Web Services, and want the highest level of security around usage of your AWS account, AWS recommends that you use IAM users instead of the account’s root user, set up Multi-Factor authentication (MFA) on the IAM users, and then require MFA for API operations. (However, saml2aws doesn't support it as a method. ![]() gimme-aws-creds -action-setup-fido-authenticatorĪs mentioned, the TouchID is already set up in Okta and works.*** You may be prompted for MFA more than once for this run.Įxception in thread Thread-6 (_make_credential):įile "/opt/homebrew/Cellar/gimme-aws-creds/2.5.0/libexec/lib/python3.11/site-packages/fido2/client.py", line 510, in make_credentialĪtt_obj, extension_outputs = self._do_make_credential(įile "/opt/homebrew/Cellar/gimme-aws-creds/2.5.0/libexec/lib/python3.11/site-packages/fido2/client.py", line 584, in _ctap2_make_credentialįile "/opt/homebrew/Cellar/gimme-aws-creds/2.5.0/libexec/lib/python3.11/site-packages/fido2/ctap2/base.py", line 785, in make_credentialįile "/opt/homebrew/Cellar/gimme-aws-creds/2.5.0/libexec/lib/python3.11/site-packages/fido2/ctap2/base.py", line 675, in send_cborį: CTAP error: 0x11 - CBOR_UNEXPECTED_TYPE One critical requirement of our efforts to enforce security best practices at Klaviyo is implementing. *** Note that webauthn authenticators must be allowed for this operation to succeed. YubiKeys are one type of authentication device. ![]() *** Registering a new fido authenticator in Okta. $ gimme-aws-creds -action-setup-fido-authenticator ensure Yubikey authenticator app is installed, and both keys plugged in - select the 'virtual MFA device' option in AWS when enabling MFA - copy the secret key to clipboard (instead of using the QR code), open Yubikey authenticator app on PC and manually add new accounts on each key using the secret key copied to clipboard.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |