We have recently had a number of students report problems with setting up the AWS MFA on Google Authenticator.
Some students have reported that when they 1st try to set up the MFA as part of the course that when they enter the verification code generated by google authenticator and click on submit, they recieve and error message.
" You need permissions You do not have the permission required to perform this operation. Ask your administrator to add permissions. Learn more Authentication code for device is not valid."
I have never been able to recreate the problem myself, so I suspect that it is intermittent as opposed to being systemic.
Possible causes & solutions
It is unclear exactly what the problem is, however it does seem to be a bug between AWS and Google, and not something that the students are doing.
1- Many of these systems are asynchronous, and so timing can be a possible cause. Some students have found that by either leaving it for 15 minutes, or logging out of AWS and back in that the problem goes away. Not very scientific, but if it is a timing issue this could be a work around.
Another student felt that the problem was with the QR code and used the provided secret Key instead, and was able to get the setup to work.
A common cause of problems (but probably not this one) is failing to provide two consecutive codes. They must be consecutive and so timing is critical.
While none of these have proven to be 100% the cause and treatment it does seem to have allowed students to move forward.