Alternative MFA devices / solutions are not supported, the script does not fail nicely in cases where such devices are configured as MFA on AWS side

[xylix]

AWS cloud supports multiple sorts of MFA devices, for example Yubikeys. The acquire code implementation of AWSMFA does not support any such devices

awsmfa/awsmfa/__main__.py

Line 170 in 4d3565c

while token_code is None or len(token_code) != 6:

.

If such devices are not planned to be supported, I think adding a validation for a supported MFA method here

awsmfa/awsmfa/__main__.py

Line 162 in 4d3565c

serial_number = find_mfa_for_user(args.serial_number, session, session3)

would make sense. Also the while loop at line 170 of main.py could also output an error for the user if the entered token is over 6 characters long.

If such devices could be supported (for example yubikey could be supported with an optional dependency to python-yubico, or even with some custom code) that would be great (and I could maybe look into adding some support for my devices in a PR).

[dcoker]

Hi Xylix! I would be happy to review PRs that bring the tool up to date on the new features of the related AWS APIs and improve input validation. Thanks!

[xylix]

Cool! I'll try to get a PR up.