AWS plugin MFA fails intermittently

dmarkey · May 6

When using the AWS plugin with MFA and profiles, about one in every 5 times it fails with this error:

aws sts get-caller-identity --profile=profile
[ERROR] 2024/05/06 12:44:59 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
operation error STS: AssumeRole, failed to sign request: failed to retrieve credentials: operation error STS: GetSessionToken, https response error StatusCode: 403, RequestID: xx-xx-xx-xx-xx, api error AccessDenied: Cannot call GetSessionToken with session credentials

Most of the time I can then run op plugin run --debug --cache=false -- aws ls s3 to correct the situation.

New 1Password customer so all the newest Apps, it happens on Arch Linux and MacOS.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

danielharvey · August 25

I'm having similar issues using within Pulumi. Intermittent but fails a significant proportion of the time. Retrying works eventually.

[ERROR] 2024/08/25 08:18:01 could not run plugin AWS CLI: failed to provision credentials, encountered error(s):
operation error STS: GetSessionToken, https response error StatusCode: 403, RequestID: 9576b4aa-4a11-44a0-b3fe-4f6f4ab93bef, api error AccessDenied: MultiFactorAuthentication failed with invalid MFA one time pass code.

AWS plugin MFA fails intermittently

Comments