ApoTheOne/Serverless, AWS, Assume Role, MFA

## Serverless, AWS, Assume Role, MFA
# Resolve error - Profile xyz not found with Serverless when using assumed roles and MFA

## While deploying using serverless:
`sls deploy -v --aws-profile assumeRole`

## Error description:
For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

---

## Resolution:
To get temporary credentials using MFA, run:
`aws sts get-session-token --serial-number arn:aws:iam::111111111111:mfa/user.name --token-code 123456`

**Note:**
 - --serial-number is in user IAM's "Security Credentials" section => Assigned MFA device:
arn:aws:iam::111111111111:mfa/user.name
 - --token-code is the MFA token code.

Output:
{
    "Credentials": {
        "SecretAccessKey": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
        "SessionToken": "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt",
        "Expiration": "2018-09-19T19:53:39Z",
        "AccessKeyId": "KKKKKKKKKKKKKKKKKKKKKK"
    }
}

Set AccessKeyId, SecretAccessKey and SessionToken in **mfa** profile's credentials.

.aws/config file:
```
[default]
region = us-east-1

[profile mfa]
region = us-east-1

[profile assumeRole]
source_profile = mfa
```

.aws/credentials file:
```
[default]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[mfa]
aws_access_key_id = KKKKKKAccessKeyIdKKKKK
aws_secret_access_key = aaaaaaaaaSecretAccessKeyaaaaaaaaaaaaaa
aws_session_token = ttttttttttttttttttttttttttSessionTokenttttttttttttttttttttttttttttttttttt

[assumeRole]
role_arn = arn:aws:iam::3333333333333:role/RoleName
source_profile = mfa
```

`sls deploy -v --aws-profile assumeRole`
	# Resolve error - Profile xyz not found with Serverless when using assumed roles and MFA

	## While deploying using serverless:
	`sls deploy -v --aws-profile assumeRole`

	## Error description:
	For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

	---

	## Resolution:
	To get temporary credentials using MFA, run:
	`aws sts get-session-token --serial-number arn:aws:iam::111111111111:mfa/user.name --token-code 123456`

	Note:
	- --serial-number is in user IAM's "Security Credentials" section => Assigned MFA device:
	arn:aws:iam::111111111111:mfa/user.name
	- --token-code is the MFA token code.

	Output:
	{
	"Credentials": {
	"SecretAccessKey": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
	"SessionToken": "tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt",
	"Expiration": "2018-09-19T19:53:39Z",
	"AccessKeyId": "KKKKKKKKKKKKKKKKKKKKKK"
	}
	}

	Set AccessKeyId, SecretAccessKey and SessionToken in mfa profile's credentials.

	.aws/config file:
	```
	[default]
	region = us-east-1

	[profile mfa]
	region = us-east-1

	[profile assumeRole]
	source_profile = mfa
	```

	.aws/credentials file:
	```
	[default]
	aws_access_key_id = XXXXXXXXXXXXXXXXXXXXXXX
	aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

	[mfa]
	aws_access_key_id = KKKKKKAccessKeyIdKKKKK
	aws_secret_access_key = aaaaaaaaaSecretAccessKeyaaaaaaaaaaaaaa
	aws_session_token = ttttttttttttttttttttttttttSessionTokenttttttttttttttttttttttttttttttttttt

	[assumeRole]
	role_arn = arn:aws:iam::3333333333333:role/RoleName
	source_profile = mfa
	```

	`sls deploy -v --aws-profile assumeRole`