claranet/ssha

Catch incorrect MFA device/code used.

Closed this issue · 0 comments

GeneralAardvark commented

Ugly error when wrong MFA device/code is used:

[ssha] creating aws session
Enter MFA code: 
Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/usr/local/lib/python2.7/dist-packages/ssha/__main__.py", line 29, in <module>
    instances = ec2.discover_instances()
  File "/usr/local/lib/python2.7/dist-packages/ssha/ec2.py", line 116, in discover_instances
    ssm_filters=config.get('discover.ssm'),
  File "/usr/local/lib/python2.7/dist-packages/ssha/ec2.py", line 76, in _find_instances
    for instance in _describe_instances():
  File "/usr/local/lib/python2.7/dist-packages/ssha/ec2.py", line 11, in _describe_instances
    ec2 = aws.client('ec2')
  File "/usr/local/lib/python2.7/dist-packages/ssha/aws.py", line 14, in client
    return session().client(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/boto3/session.py", line 263, in client
    aws_session_token=aws_session_token, config=config)
  File "/usr/local/lib/python2.7/dist-packages/botocore/session.py", line 825, in create_client
    credentials = self.get_credentials()
  File "/usr/local/lib/python2.7/dist-packages/botocore/session.py", line 449, in get_credentials
    'credential_provider').load_credentials()
  File "/usr/local/lib/python2.7/dist-packages/botocore/credentials.py", line 1146, in load_credentials
    creds = provider.load()
  File "/usr/local/lib/python2.7/dist-packages/botocore/credentials.py", line 842, in load
    return self._load_creds_via_assume_role()
  File "/usr/local/lib/python2.7/dist-packages/botocore/credentials.py", line 861, in _load_creds_via_assume_role
    creds, response = self._retrieve_temp_credentials()
  File "/usr/local/lib/python2.7/dist-packages/botocore/credentials.py", line 970, in _retrieve_temp_credentials
    response = client.assume_role(**assume_role_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 312, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 601, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the AssumeRole operation: MultiFactorAuthentication failed with invalid MFA one time pass code.