[SOLVED] MFA Entity already exists Error in AWS IAM
Sometimes, when an IAM user tries to register a new virtual MFA device using Google Authenticator or a similar tool, they see the following error:
Entity Already exists
This entity already exists. MFADevice entity at the same path and name already exists. Before you can add a new virtual MFA device, ask your administrator to delete the existing device using the CLI or API.
This happens because the MFA device was created but never enabled for the user. This can happen for various reasons. If you are a system administrator or platform engineer, it can be a bit of a pain to figure out the issue.
Luckily, the solution is straightforward, as shown below,
- List all Virtual MFA devices and find out the MFA serial number,
aws iam list-virtual-mfa-devices
For example, if your username is suraj, you can try the following command,
$ aws iam list-virtual-mfa-devices | grep suraj
arn:aws:iam::0123456789:mfa/suraj
Once you know the ARN of the MFA device, delete the dangling device using the following command:
aws iam delete-virtual-mfa-device --serial-number arn:aws:iam::0123456789:mfa/suraj
Now users should be able to register new MFA devices with their IAM users.
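The lookup step above relies on `grep`, which matches substrings and does not show whether a device is already enabled for a user. The following is an added example, not part of the original post: it parses the JSON from `aws iam list-virtual-mfa-devices --output json` and returns only devices whose name matches exactly and that have no `User` entry. The function name and the sample data (account ID, user names) are constructed for illustration.

```python
import json
import sys

# Constructed sample of `aws iam list-virtual-mfa-devices --output json`.
# Account ID and user names are made up for illustration.
SAMPLE = """
{
  "VirtualMFADevices": [
    {"SerialNumber": "arn:aws:iam::123456789012:mfa/suraj"},
    {"SerialNumber": "arn:aws:iam::123456789012:mfa/surajit",
     "User": {"UserName": "surajit",
              "Arn": "arn:aws:iam::123456789012:user/surajit"},
     "EnableDate": "2023-01-10T09:00:00+00:00"},
    {"SerialNumber": "arn:aws:iam::123456789012:mfa/suraj-test"}
  ]
}
"""


def dangling_devices(cli_json, username):
    """Return serial numbers of unassigned virtual MFA devices named `username`.

    A device is dangling when it has no "User" entry, i.e. it was created
    but never enabled. The name is compared exactly against the last
    component of the ARN resource, so "suraj" does not match "surajit".
    """
    serials = []
    for device in json.loads(cli_json).get("VirtualMFADevices", []):
        serial = device.get("SerialNumber", "")
        resource = serial.split(":", 5)[-1]  # e.g. "mfa/suraj"
        if not resource.startswith("mfa/"):
            continue  # not a virtual MFA device ARN
        name = resource.rsplit("/", 1)[-1]
        if name == username and "User" not in device:
            serials.append(serial)
    return serials


if __name__ == "__main__":
    # Usage: aws iam list-virtual-mfa-devices --output json | python3 this.py suraj
    user = sys.argv[1] if len(sys.argv) > 1 else "suraj"
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for serial in dangling_devices(data, user):
        # Print the command for review instead of running it.
        print(f"aws iam delete-virtual-mfa-device --serial-number {serial}")
```

The script only prints the delete command so an administrator can review the serial number before running it.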