Log in with MFA to an HSM using CloudHSM CLI
Use the login mfa-token-sign command in the AWS CloudHSM CLI to log in to a hardware security module (HSM) using multi-factor authentication (MFA). To use this command, you must first set up MFA for CloudHSM CLI.
User type
The following users can run this command.
- Admin
- Crypto user (CU)
Syntax
    aws-cloudhsm > help login mfa-token-sign
    Login with token-sign mfa

    USAGE:
        login --username <USERNAME> --role <ROLE> mfa-token-sign --token <TOKEN>

    OPTIONS:
            --cluster-id <CLUSTER_ID>
                Unique Id to choose which of the clusters in the config file to run the operation against. If not provided, will fall back to the value provided when interactive mode was started, or error
            --token <TOKEN>
                Filepath where the unsigned token file will be written
        -h, --help
                Print help
Example
    aws-cloudhsm > login --username test_user --role admin mfa-token-sign --token /home/valid.token
    Enter password:
    Enter signed token file path (press enter if same as the unsigned token file):
    {
      "error_code": 0,
      "data": {
        "username": "test_user",
        "role": "admin"
      }
    }
Arguments
<CLUSTER_ID>
    The ID of the cluster to run this operation on.
    Required: If multiple clusters have been configured.
<TOKEN>
    Filepath where the unsigned token file will be written.
    Required: Yes