17.10 - Multi-Factor Authentication - Access Module

Teradata® Tools and Utilities Access Module Reference

Product
Access Module
Release Number
17.10
Published
October 2021
Language
English (United States)
Last Update
2021-11-02
dita:mapPath
uur1608578381725.ditamap
dita:ditavalPath
obe1474387269547.ditaval

Multi-Factor Authentication (MFA) is an AWS-specific feature. Some user accounts are set up so that use of S3 or of a KMS key requires the use of a physical or virtual security device to enable the transaction. This is impractical for a batch job, so the Teradata Access Module for S3 supports use of a temporary, time-limited session token consisting of a temporary ID, Secret Key, and Security Token.

Use the AWS CLI with your credentials and security device to obtain the three values:

aws sts get-session-token --serial-number arn-of-the-mfa-device

--token-code code-from-token

The arn-of-the-mfa-device information can be found in the IAM > Users section (Security Credentials tab) of the AWS Web Console.

For example, it might look like this:

arn:aws:iam::<acct number>:mfa/<userid>

You will get a temporary AccessKeyId, SecretAccessKey, and SessionToken. Use these values as described in Temporary Security Tokens.