Open
We have several accounts, which we access by assuming roles from a common 'login' account requiring MFA. ecs-cli doesn't prompt for MFA.
```
# .aws/config
[profile account2]
role_arn = arn:aws:iam::<account2_id>:role/account2role
mfa_serial = arn:aws:iam::<account1_id>:mfa/user.name
source_profile = account1
output = json

# .aws/credentials
[account1]
aws_access_key_id = access_key_account1
aws_secret_access_key = secret_key_account1
```
The regular AWS CLI prompts for MFA:
```
> AWS_PROFILE=account2 aws s3 ls
Enter MFA code:
```
The ecs-cli doesn't prompt, and returns an error:
```
> AWS_PROFILE=account2 ecs-cli ps
ERRO[0000] Error executing 'ps AccessDenied: User: arn:aws:iam::<account1_id>:user/path/to/user.name is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::<account2_id>:role/account2role with an explicit deny
status code: 403, request id: <UUID>
```