AssumeRoleTokenProviderNotSetError: assume role with MFA enabled, but AssumeRoleTokenProvider session option not set #2227
Description
MFA is configured on my root account IAM user. I use the role_arn option in ~/.aws/config to assume a role in a subaccount which has a trust relationship with the root account. After signing in to AWS for CLI use,
Steps to reproduce the issue:
- Sign in to AWS for CLIv2
docker context use myecs
Describe the results you received:
All subsequent docker commands fail with AssumeRoleTokenProviderNotSetError: assume role with MFA enabled, but AssumeRoleTokenProvider session option not set
Describe the results you expected:
Expected to use the docker compose CLI as advertised.
Additional information you deem important (e.g. issue happens only occasionally):
The problem can be worked around by,
unset AWS_PROFILE
export AWS_REGION=<region>
Output of docker-compose --version:
Docker version 20.10.23, build 7155243
Output of docker version:
Client: Docker Engine - Community
Cloud integration: v1.0.30
Version: 20.10.23
API version: 1.41
Go version: go1.18.10
Git commit: 7155243
Built: Thu Jan 19 17:45:08 2023
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.23
API version: 1.41 (minimum version 1.12)
Go version: go1.18.10
Git commit: 6051f14
Built: Thu Jan 19 17:42:57 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.15
GitCommit: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Output of docker context inspect:
$ docker context inspect de-prod-euc1
[
{
"Name": "de-prod-euc1",
"Metadata": {
"Description": "credentials read from environment",
"Type": "ecs"
},
"Endpoints": {
"docker": {
"SkipTLSVerify": false
},
"ecs": {
"CredentialsFromEnv": true
}
},
"TLSMaterial": {},
"Storage": {
"MetadataPath": "/home/alok/.docker/contexts/meta/18233f528a6c61062ec86740a0d7f6ba2ec67316a5bbf00d3a605fae57a65261",
"TLSPath": "/home/alok/.docker/contexts/tls/18233f528a6c61062ec86740a0d7f6ba2ec67316a5bbf00d3a605fae57a65261"
}
}
]
Output of docker info:
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.10.0-docker)
scan: Docker Scan (Docker Inc., v0.23.0)
Server:
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 129
Server Version: 20.10.23
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
runc version: v1.1.4-0-g5fd4c4d
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
cgroupns
Kernel Version: 5.15.0-60-generic
Operating System: Ubuntu 22.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.51GiB
Name: gauss
ID: UOQJ:72SZ:ONUI:MCHL:N3I7:AI5F:425N:NCJ2:OW66:6B45:PJUI:YRAJ
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: alephnull
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional environment details (AWS ECS, Azure ACI, local, etc.):
AWS ECS.
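An added example, not part of the original report or of the Docker Compose CLI: a Python check that scans an AWS shared config for profiles combining role_arn with mfa_serial, the combination for which the AWS SDK for Go returns AssumeRoleTokenProviderNotSetError when the calling program supplies no MFA token provider. The sample config, profile names and account IDs are constructed, and mfa_serial (not shown in the report) is assumed to be set on the affected profile.

```python
import configparser

# Constructed sample of ~/.aws/config; names and account IDs are placeholders.
SAMPLE_CONFIG = """
[default]
region = eu-central-1

[profile root-user]
region = eu-central-1

[profile subaccount-admin]
role_arn = arn:aws:iam::111111111111:role/Admin
source_profile = root-user
mfa_serial = arn:aws:iam::222222222222:mfa/alice

[profile subaccount-ci]
role_arn = arn:aws:iam::111111111111:role/CI
source_profile = root-user
"""


def classify_profiles(config_text):
    """Map each profile name to how a non-interactive SDK client can use it."""
    # Only "=" is a delimiter so that ARNs containing ":" parse as values.
    parser = configparser.RawConfigParser(delimiters=("=",))
    parser.read_string(config_text)
    verdicts = {}
    for section in parser.sections():
        prefix = "profile "
        name = section[len(prefix):].strip() if section.startswith(prefix) else section
        has_role = parser.has_option(section, "role_arn")
        has_mfa = parser.has_option(section, "mfa_serial")
        if has_role and has_mfa:
            # AssumeRole needs a one-time code; a tool without a token
            # provider cannot prompt for it and fails with the error above.
            verdicts[name] = "needs-mfa-token"
        elif has_role:
            verdicts[name] = "assume-role"
        else:
            verdicts[name] = "static"
    return verdicts


def profiles_needing_token(config_text):
    """Profiles that tools lacking an MFA prompt cannot use directly."""
    verdicts = classify_profiles(config_text)
    return sorted(name for name, v in verdicts.items() if v == "needs-mfa-token")


if __name__ == "__main__":
    for profile in profiles_needing_token(SAMPLE_CONFIG):
        print(f"{profile}: role_arn + mfa_serial, requires an MFA token provider")
```

To check a real file, pass the contents of ~/.aws/config to profiles_needing_token instead of SAMPLE_CONFIG.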