I created a new policy to enforce IAM user to setup MFA using the policy in this link https://docs.aws.amazon.com/en_pv/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage.html
Now the IAM user has AdministratorAccess already..so now with applying this force MFA policy now the user has 2 policies attached. The AWS managed policy AdministratorAccess and the new Managed policy i created Force_MFA
now when i try to run ansible iwth module https://docs.ansible.com/ansible/latest/modules/sts_assume_role_module.html that normally worked before attaching the Force_MFA policy now i get error that says i can not assume role of other accounts.
When i remove the Force_MFA policy then it works again.
Where is the problem coming from. Is this issue with the policy or with ansible? Is this Force_MFA policy not working as expected? It supposed to let me do other things if MFA is enabled but in asnible it does not but in GUI i can switch roles and it works fine. Just that ansible playbooks now fail and complain i cant assume role.
Mind you i already enabled MFA for this IAM user and i can assume and switch accounts in dashboard BUT when i try to do that in ansible i get boto error saying i can not assume role
Any help will be appreciated.
If you need to post anything to help let me know and i will post.
