




How To Fix - "Entity Already Exists" Error While Creating MFA Device in AWS ?



In this post, we will explore how to fix the "Entity Already Exists" error that occurs when creating a multi-factor authentication (MFA) device for an AWS Identity and Access Management (IAM) user.

Error Log


```
This entity already exists.
MFADevice entity at the same path and name already exists.
Before you can add a new virtual MFA device, ask your administrator
to delete the existing device using the CLI or API.
```

 



  Follow the steps below to fix this:

  • List all the virtual MFA devices in the AWS account by assignment status. IAM resource-listing operations return a subset of the available attributes for the resource. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.

```
aws iam list-virtual-mfa-devices
```


The output has the following format:

```
{
  "VirtualMFADevices": [
    {
      "SerialNumber": "arn:aws:iam::123456789012:mfa/TestMFADevice"
    },
    {
      "SerialNumber": "arn:aws:iam::1234648412:mfa/user1"
    }
  ]
}
```

Complete command syntax:

```
list-virtual-mfa-devices
[--assignment-status <value>]
[--max-items <value>]
[--cli-input-json | --cli-input-yaml]
[--starting-token <value>]
[--page-size <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
```

 

  • Find the MFA serial number for the user in that output. It has the following form:

```
arn:aws:iam::<aws_acc_id>:mfa/<user>
```


 

  • Deactivate the specified MFA device. This also removes its association with the user name for which it was originally enabled.

```
aws iam deactivate-mfa-device --user-name <user_name> --serial-number arn:aws:iam::<aws_acc_id>:mfa/<Your_username>
```


Example:

```
aws iam deactivate-mfa-device --user-name Joy --serial-number arn:aws:iam::210987654321:mfa/JoyMFADevice
```

If the above returns an error saying the MFA device doesn't exist, you can still proceed to the next step.

Complete syntax:


```
deactivate-mfa-device
--user-name <value>
--serial-number <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]
```

 

  • Delete the virtual MFA device. The command below removes the specified MFA device from the current account.

```
aws iam delete-virtual-mfa-device --serial-number arn:aws:iam::<aws_acc_id>:mfa/<Your_username>
```


Example:

```
aws iam delete-virtual-mfa-device --serial-number arn:aws:iam::123456789012:mfa/JoyMFADevice
```

Complete syntax:


```
delete-virtual-mfa-device
--serial-number <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]
```

 

  • Create the new MFA device.
  Hope this helps.  
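
The cleanup steps above, as an added example that is not part of the original post: it reads the JSON from `aws iam list-virtual-mfa-devices`, finds the device whose name clashes, and emits only the commands that apply. A device with no `User` field is unassigned, so it is deleted without the deactivate step (the "doesn't exist" case mentioned above), and a device assigned to a different user is refused. The sample listing and the names `device_name` and `cleanup_plan` are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample of `aws iam list-virtual-mfa-devices` output
# (made-up account id and users, for illustration only).
SAMPLE = json.loads("""
{"VirtualMFADevices": [
  {"SerialNumber": "arn:aws:iam::123456789012:mfa/JoyMFADevice"},
  {"SerialNumber": "arn:aws:iam::123456789012:mfa/ops/Alice",
   "User": {"UserName": "Alice"}, "EnableDate": "2023-01-05T10:00:00Z"},
  {"SerialNumber": "arn:aws:iam::123456789012:mfa/Bob",
   "User": {"UserName": "Mallory"}, "EnableDate": "2023-02-01T09:30:00Z"}
]}
""")


def device_name(serial):
    """Return the device name: the last path segment after ':mfa/'."""
    prefix, sep, path = serial.partition(":mfa/")
    if not sep or not prefix.startswith("arn:aws:iam::"):
        raise ValueError(f"not a virtual MFA ARN: {serial!r}")
    return path.rsplit("/", 1)[-1]


def cleanup_plan(listing, device, user_name):
    """Commands that remove the device named `device` so user_name can re-create it."""
    plan = []
    for dev in listing.get("VirtualMFADevices", []):
        serial = dev["SerialNumber"]
        if device_name(serial) != device:
            continue
        owner = dev.get("User", {}).get("UserName")
        if owner not in (None, user_name):
            # Assigned to someone else: deleting it would strip that user's MFA.
            raise RuntimeError(f"{serial} is assigned to {owner}; review manually")
        if owner is not None:
            # Only an assigned device has to be deactivated before deletion.
            plan.append("aws iam deactivate-mfa-device --user-name "
                        f"{shlex.quote(user_name)} --serial-number {shlex.quote(serial)}")
        plan.append("aws iam delete-virtual-mfa-device --serial-number "
                    + shlex.quote(serial))
    return plan


if __name__ == "__main__":
    for cmd in cleanup_plan(SAMPLE, "JoyMFADevice", "Joy"):
        print(cmd)
```
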
