[SOLVED] MFA Entity already exists Error in AWS IAM

Suraj Narwade
Published in Suraj in Cloud
Dec 18, 2022

Sometimes, when an IAM user tries to register a new virtual MFA device using Google Authenticator or a similar tool, they see the following error:

Entity Already exists
This entity already exists. MFADevice entity at the same path and name already exists. Before you can add a new virtual MFA device, ask your administrator to delete the existing device using the CLI or API.

This happens because the MFA device was created but never enabled for the user, which can happen for various reasons. If you are a system administrator or platform engineer, figuring out the cause can be a bit of a pain.

Luckily, the solution is straightforward:

  • List all virtual MFA devices and find the MFA serial number:
aws iam list-virtual-mfa-devices

For example, if your username is suraj, you can try the following command:

$ aws iam list-virtual-mfa-devices | grep suraj
arn:aws:iam::0123456789:mfa/suraj

Once you know the ARN of the MFA device, delete the dangling device using the following command:

aws iam delete-virtual-mfa-device --serial-number arn:aws:iam::0123456789:mfa/suraj

The user should now be able to register a new MFA device for their IAM user.
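A more defensive version of the same cleanup, as an added example that is not from the original post: it lists only unassigned devices, matches the device name exactly instead of with grep, and deletes only when APPLY=1 is set. The function names, the APPLY variable and the sample account ID are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not the author's code). Names below are hypothetical.

# Constructed sample of what the list command prints with --output text:
# tab-separated serial numbers (ARNs) of unassigned virtual MFA devices.
SAMPLE_UNASSIGNED=$(printf 'arn:aws:iam::111122223333:mfa/suraj\tarn:aws:iam::111122223333:mfa/suraj-admin')

# Read serial numbers on stdin and print the one whose device name is exactly
# "$1". Fails unless there is exactly one match, so nothing is deleted on a
# guess ("suraj" must not select "suraj-admin", which a plain grep would).
pick_dangling_mfa() {
  tr '\t' '\n' | awk -v name="$1" '
    {
      n = split($0, part, ":")            # arn:aws:iam::<account>:mfa/<name>
      if (n == 6 && part[6] == "mfa/" name) { hit = $0; count++ }
    }
    END {
      if (count != 1) {
        printf "expected 1 unassigned device named %s, found %d\n", name, count > "/dev/stderr"
        exit 1
      }
      print hit
    }'
}

# List only devices that were created but never enabled (Unassigned), pick the
# user's device, then show the target or delete it when APPLY=1.
cleanup_dangling_mfa() {
  serial=$(aws iam list-virtual-mfa-devices --assignment-status Unassigned \
             --query 'VirtualMFADevices[].SerialNumber' --output text |
           pick_dangling_mfa "$1") || return 1
  if [ "${APPLY:-0}" = 1 ]; then
    aws iam delete-virtual-mfa-device --serial-number "$serial"
  else
    echo "would delete $serial (set APPLY=1 to delete)"
  fi
}

# Usage: cleanup_dangling_mfa suraj          (dry run)
#        APPLY=1 cleanup_dangling_mfa suraj  (delete)
```

Because the listing is filtered to unassigned devices, an MFA device that is still enabled for a user is never selected.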

Thank you so much for reading 😃 Have a great day 🎉
