How do I troubleshoot the "entity already exists" error when an IAM user tries to create a new MFA device?

I tried to create a new multi-factor authentication (MFA) device for an AWS Identity and Access Management (IAM) user. I received an error similar to the following: "MFA Device entity at the same path and name already exists." The IAM user doesn't have any MFA devices.

Resolution

If an MFA device is created but isn't activated for use with IAM users, then this error occurs. First, deactivate the MFA device. Use the AWS Command Line Interface (AWS CLI) to delete the MFA device. Then, recreate the MFA device.

Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Complete the following steps:

  1. To list all virtual MFA devices created in your AWS account, run the list-virtual-mfa-devices AWS CLI command:

    aws iam list-virtual-mfa-devices --assignment-status Unassigned

  2. Note the MFA device serial number that aligns with the name that you're creating.

  3. To delete the MFA device, run the delete-virtual-mfa-device AWS CLI command:

    aws iam delete-virtual-mfa-device --serial-number arn:aws:iam::account-id:mfa/device-name

  4. Create a new MFA device.
    Follow the instructions to activate a virtual MFA device for an IAM user (console).
    -or-
    Follow the instructions to assign MFA devices in the AWS CLI or AWS API.

If you don't find unassigned devices with the same name, then that same device name was used for an MFA device by another user. Use a different name for your MFA device.
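Steps 1 to 3 and the "no unassigned device" case above can be checked mechanically. The following is an added example, not AWS's own code: it parses the JSON from the list command and builds the delete command only for an unassigned device at the exact path and name. The sample listing, account ID, device names and the helper function names are constructed for illustration, and it assumes a device path, when set, appears in the ARN between `mfa/` and the name.

```python
import json
import shlex

# Constructed sample of the JSON printed by
#   aws iam list-virtual-mfa-devices --assignment-status Unassigned
# (account ID and device names are made up).
SAMPLE_OUTPUT = """
{
  "VirtualMFADevices": [
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/alice-phone"},
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/team/alice-phone"},
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/bob-token"}
  ]
}
"""
LISTING = json.loads(SAMPLE_OUTPUT)


def device_path_and_name(serial_number):
    """Split an MFA device ARN into (path, name); the path is "/" when none was set."""
    # Assumption: a non-default path sits between "mfa/" and the device name.
    resource = serial_number.split(":", 5)[5]  # "mfa/<optional path/>name"
    prefix, _, rest = resource.partition("/")
    if prefix != "mfa" or not rest:
        raise ValueError(f"not a virtual MFA device ARN: {serial_number}")
    path, _, name = rest.rpartition("/")
    return (f"/{path}/" if path else "/", name)


def delete_commands(listing, name, path="/"):
    """Build the step 3 command for each unassigned device at this path and name.

    An empty result is the last case in the article: the name belongs to a
    device assigned to another user, so choose a different device name.
    """
    commands = []
    for device in listing.get("VirtualMFADevices", []):
        serial = device["SerialNumber"]
        if device_path_and_name(serial) == (path, name):
            commands.append(
                "aws iam delete-virtual-mfa-device --serial-number " + shlex.quote(serial)
            )
    return commands


if __name__ == "__main__":
    for cmd in delete_commands(LISTING, "alice-phone"):
        print(cmd)  # review the serial number before running the command
```

Matching on the full path and name, rather than on a substring of the ARN, avoids deleting a different unassigned device whose name merely contains the one you want.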

Related information

How can I require MFA authentication for IAM users that use the AWS CLI?

Using multi-factor authentication

How do I use an MFA token to authenticate access to my AWS resources through the AWS CLI?

AWS OFFICIAL - Updated 2 months ago