I successfully authenticate with 2 factor but when using aws s3 ls I keep getting

An error occurred (InvalidToken) when calling the ListBuckets operation: The provided token is malformed or otherwise invalid.

And I do have admin rights.

Issue was that I wasn't passing the --region in. e.g. aws s3 --region us-gov-west-1 ls. I suppose this could be set with an ENV variable too. That error message is a candidate for improvement.

This error also occurs when aws cli reads the aws_session_token and aws_security_token declared in the ~/.aws file, which might be associated to a previously used account. Removing both and leaving just the key and the credentials associated to the account where the bucket is will force aws to establish the connection.

Please delete .aws/credentials file from your users account and reconfigure your aws cli. If you already associated with another account then there are high chances of this type of error.

Run aws configure

1. You may leave access key and access key id blank if you have an IAM role attached

2. Set value for 'region'

Now you will be able to successfully run 'aws s3 ls'

Else run 'aws s3 ls --region '