The AWS console makes it easy to use multi-factor authentication (MFA) once it has been configured for a user. With this tutorial you can also use MFA with the AWS command-line tools. To do this, AWS uses the Security Token Service (STS), which allows assume-role with MFA. This process is a much more secure way to use access keys on a remote machine: even if the key is compromised, it is almost impossible to use without the MFA device and knowledge of the role that the IAM user is allowed to access using the access key. To take advantage of this process, follow these steps:
This section is based on the Policies for Delegating Access from AWS.
Create an IAM policy and give it the desired access permissions. In this example I have given the user access to write to an S3 bucket.
- Policy to access one of your buckets
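
The MFA-gated assume-role call that these steps build toward, as an added example (not code from the original tutorial and not the bucket policy referred to above). It assumes the AWS CLI is installed and that the role requires MFA; the function names are hypothetical and the ARNs in the usage comment are placeholders.

```sh
#!/bin/sh
# Added example: exchange a long-lived access key plus an MFA code for
# temporary role credentials via STS. Function names are hypothetical.

# A code from the MFA device is exactly six digits.
valid_token_code() {
  case $1 in
    [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Read one tab-separated line (AccessKeyId, SecretAccessKey, SessionToken) on
# stdin and print export statements. Fields are checked against the base64
# alphabet (an assumption about STS output) so the result is safe to eval.
# The body runs in a subshell so the secret never lingers in shell variables.
creds_to_exports() (
  tab=$(printf '\t')
  IFS="$tab" read -r key secret token extra || true
  for v in "$key" "$secret" "$token"; do
    case $v in
      ''|*[!A-Za-z0-9+/=]*) echo "unexpected STS output" >&2; exit 1 ;;
    esac
  done
  [ -z "$extra" ] || { echo "unexpected STS output" >&2; exit 1; }
  printf "export AWS_ACCESS_KEY_ID='%s'\n" "$key"
  printf "export AWS_SECRET_ACCESS_KEY='%s'\n" "$secret"
  printf "export AWS_SESSION_TOKEN='%s'\n" "$token"
)

# $1 = role ARN, $2 = MFA device ARN, $3 = current six-digit code.
assume_role_mfa() {
  valid_token_code "$3" || { echo "token code must be six digits" >&2; return 2; }
  aws sts assume-role \
    --role-arn "$1" \
    --role-session-name "cli-mfa-$(date +%s)" \
    --serial-number "$2" \
    --token-code "$3" \
    --duration-seconds 3600 \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text | creds_to_exports
}

# Usage (placeholder ARNs):
#   eval "$(assume_role_mfa arn:aws:iam::111122223333:role/EXAMPLE-ROLE \
#                           arn:aws:iam::111122223333:mfa/EXAMPLE-USER 123456)"
```

The exported credentials expire after the requested duration, so a copied session token is only useful for a limited time.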