Hey guys Does someone have an idea how to activate MFA on AW

Question

Hey guys Does someone have an idea how to activate MFA on AWS account for pulumi Also using github actions so if someone know about good Action to use it could be great Thanks slightly smiling face

billowy-army-68599 · Answer

at what scope the root account per user

billowy-horse-79629 · Answer

I have pulumi dev user which have assumeRole permissions on my dev stg prod accounts

billowy-horse-79629 · Answer

using aws organization the pulumi user is on the root account which can assume role on the child accounts

billowy-army-68599 · Answer

so you want to enable mfa for the pulumi dev user that ll mean you get prompted for your aws mfa token every time you run your action

billowy-horse-79629 · Answer

Yeah i m a bit confused with that I know that what MFA means but in terms of using an AWS account with pulumi or other iac tool is there any best practice you recommend

billowy-army-68599 · Answer

you can t automate mfa in a ci cd pipeline to the best of my knowledge that s for human users

billowy-army-68599 · Answer

I would recommend not using users at all <https www leebriggs co uk blog 2022 01 23 gha cloud credentials html>

billowy-horse-79629 · Answer

That looks awesome i ll try to implement it

billowy-horse-79629 · Answer

Thanks

billowy-horse-79629 · Answer

< billowy army 68599> you are missing the ` $secrets ROLE ARN ` there on the blog post

billowy-horse-79629 · Answer

There s Something that I still can t figure out after reading this guide Which tool will run this pulumi program if it s GHA it ll need creds in order to create the role and oidc provider or is it just for 1 time running from local console

billowy-army-68599 · Answer

< billowy horse 79629> I created the roles manually outside github actions its a one time operation