Deregister an MFA public key using CloudHSM CLI

Follow these steps to deregister a multi-factor authentication (MFA) public key for AWS CloudHSM admin users when MFA public key is registered.

Use CloudHSM CLI to log in to the HSM as an admin with MFA enabled.

Use the user change-mfa token-sign command to remove MFA for a user.


aws-cloudhsm > user change-mfa token-sign --username <username> --role admin --deregister --change-quorum
Enter password:
Confirm password:
{
  "error_code": 0,
  "data": {
    "username": "<username>",
    "role": "admin"
  }
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Rotate keys

Token file reference