
I'm trying to use an MFA-protected SQS queue from a Node.js application.

The code looks like this:

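```javascript
var AWS = require('aws-sdk');

var sts = new AWS.STS(),
    awsSerialNumber = process.env.AWS_MFA_SERIAL_NUMBER,
    awsTokenCode = process.env.AWS_MFA_TOKEN;

// Request temporary credentials, passing the MFA device serial and current code
sts.getSessionToken({
    DurationSeconds: 13600,
    SerialNumber: awsSerialNumber,
    TokenCode: awsTokenCode
}, function (err, data) {
    if (err) {
        console.log('STS error:', err, err.stack);
        return;
    }

    // Use the temporary credentials for clients created from here on
    AWS.config.credentials = sts.credentialsFrom(data);

    sqs = new AWS.SQS();
});
```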

So I'm calling the process as

```
$ AWS_MFA_TOKEN=123456 npm start
```

However, I'm getting the following error:

```
{ message: 'The security token included in the request is expired',
  code: 'ExpiredToken',
  time: ...,
  requestId: '...',
  statusCode: 403,
  retryable: true }
```

Though the token is fresh.

I have also tried with `AWS.config.update` passing `accessKeyId`, `secretAccessKey` and `sessionToken`. However, the code is not even reaching that point.

sebasmagri
  • Sounds like the token might have fallen out of synchronization. Are you able to use the token to log in to the AWS console or with another AWS service? – John Rotenstein Mar 09 '17 at 06:36
  • @JohnRotenstein I'm able to use the token with the CLI without problems. – sebasmagri Mar 09 '17 at 07:38
  • Can you try calling it via the [AWS Command-Line Interface (CLI)](http://aws.amazon.com/cli/)? Use `aws sts get-session-token --serial-number xx --token-code xx`. See: [get-session-token](http://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html) – John Rotenstein Mar 09 '17 at 09:35
  • @JohnRotenstein the CLI works perfectly. – sebasmagri Mar 10 '17 at 16:05
  • If it works via the CLI and you are using the same Serial and Token Code, then the problem lies somewhere with the code. Try calling `getSessionToken` without `SerialNumber` and `TokenCode` to see whether the function call works. It should return credentials for a session, but without MFA. – John Rotenstein Mar 10 '17 at 23:38
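
A pre-flight check for the `getSessionToken` call in the question, as an added example that is not part of the original post or its comments. It relies on the fact that the SDK signs the STS request with the base credentials, so `ExpiredToken` describes a session token on those credentials and not the MFA `TokenCode`. `checkStsInputs`, the finding names and the sample environments are hypothetical and constructed, and the function makes no AWS calls:

```javascript
// Added example: checkStsInputs is a hypothetical helper that makes no AWS calls.
function checkStsInputs(env, durationSeconds) {
    var findings = [];
    var keyId = env.AWS_ACCESS_KEY_ID || '';

    // The SDK signs the STS request with the base credentials. When those are
    // themselves temporary, ExpiredToken refers to their session token.
    if (env.AWS_SESSION_TOKEN) {
        findings.push('base-credentials-carry-session-token');
    }
    if (/^ASIA/.test(keyId)) { // ASIA... key ids are issued by STS
        findings.push('base-access-key-is-temporary');
    }
    if (!keyId || !env.AWS_SECRET_ACCESS_KEY) {
        findings.push('no-env-credentials'); // SDK falls back to another provider
    }
    // TokenCode is the six-digit MFA code; SerialNumber identifies the device.
    if (!/^\d{6}$/.test(env.AWS_MFA_TOKEN || '')) {
        findings.push('mfa-token-not-six-digits');
    }
    if (!env.AWS_MFA_SERIAL_NUMBER) {
        findings.push('mfa-serial-missing');
    }
    // GetSessionToken accepts DurationSeconds from 900 to 129600.
    if (durationSeconds < 900 || durationSeconds > 129600) {
        findings.push('duration-out-of-range');
    }
    return findings;
}

// Constructed sample environments (no real keys or account ids).
var staleSession = {
    AWS_ACCESS_KEY_ID: 'ASIAEXAMPLEEXAMPLE00',
    AWS_SECRET_ACCESS_KEY: 'constructed-secret',
    AWS_SESSION_TOKEN: 'constructed-expired-session-token',
    AWS_MFA_SERIAL_NUMBER: 'arn:aws:iam::111122223333:mfa/example-user',
    AWS_MFA_TOKEN: '123456'
};
var longTerm = {
    AWS_ACCESS_KEY_ID: 'AKIAEXAMPLEEXAMPLE00',
    AWS_SECRET_ACCESS_KEY: 'constructed-secret',
    AWS_MFA_SERIAL_NUMBER: 'arn:aws:iam::111122223333:mfa/example-user',
    AWS_MFA_TOKEN: '123456'
};

console.log(checkStsInputs(staleSession, 13600));
console.log(checkStsInputs(longTerm, 13600));
console.log(checkStsInputs(process.env, 13600)); // the shell that runs npm start
```

An empty result for the real environment means the inputs are well-formed and the base credentials come from long-term keys in the environment; `no-env-credentials` means the SDK resolved them from another provider, which this check does not inspect.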

0 Answers