U2F MFA doesn't work with AssumeRole

[dgouldin]

I just switched my IAM user's MFA device to U2F, and when trying to assume a role that requires MFA, I now get a validation error when using my U2F device:

botocore.exceptions.ClientError: An error occurred (ValidationError) when calling the AssumeRole operation: 2 validation errors detected: Value '[redacted]' at 'tokenCode' failed to satisfy constraint: Member must satisfy regular expression pattern: [\d]*; Value '[redacted]' at 'tokenCode' failed to satisfy constraint: Member must have length less than or equal to 6

It looks as though there's validation that tokenCode is a 6 digit number.

[JordonPhillips]

Looks like U2F isn't supported for API access yet:

You cannot use MFA-protected API access with U2F security keys.

Similar request in aws/aws-cli#3607

I've passed on this very quick outpouring of desire for the feature to the service team.