Multi-Factor Authentication (MFA) is an AWS-specific feature. Some user accounts are set up so that use of S3 or of a KMS key requires the use of a physical or virtual security device to enable the transaction. This is impractical for a batch job, so the Teradata Access Module for S3 supports use of a temporary, time-limited session token consisting of a temporary ID, Secret Key, and Security Token.
Use the AWS CLI with your credentials and security device to obtain the three values:
aws sts get-session-token --serial-number arn-of-the-mfa-device
--token-code code-from-token
The arn-of-the-mfa-device information can be found in the section (Security Credentials tab) of the AWS Web Console.
For example, it might look like this:
arn:aws:iam::<acct number>:mfa/<userid>
You will get a temporary AccessKeyId, SecretAccessKey, and SessionToken. Use these values as described in Temporary Security Tokens.