IAM / Client / enable_mfa_device

enable_mfa_device#

IAM.Client.enable_mfa_device(**kwargs)#

Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is required for every subsequent login by the IAM user associated with the device.

See also: AWS API Documentation

Request Syntax

response = client.enable_mfa_device(
    UserName='string',
    SerialNumber='string',
    AuthenticationCode1='string',
    AuthenticationCode2='string'
)
Parameters:
  • UserName (string) –

    [REQUIRED]

    The name of the IAM user for whom you want to enable the MFA device.

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • SerialNumber (string) –

    [REQUIRED]

    The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-

  • AuthenticationCode1 (string) –

    [REQUIRED]

    An authentication code emitted by the device.

    The format for this parameter is a string of six digits.

    Warning

    Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device.

  • AuthenticationCode2 (string) –

    [REQUIRED]

    A subsequent authentication code emitted by the device.

    The format for this parameter is a string of six digits.

    Warning

    Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can resync the device.

Returns:

None

Exceptions

  • IAM.Client.exceptions.EntityAlreadyExistsException

  • IAM.Client.exceptions.EntityTemporarilyUnmodifiableException

  • IAM.Client.exceptions.InvalidAuthenticationCodeException

  • IAM.Client.exceptions.LimitExceededException

  • IAM.Client.exceptions.NoSuchEntityException

  • IAM.Client.exceptions.ServiceFailureException

  • IAM.Client.exceptions.ConcurrentModificationException