AssumeRoleTokenProviderNotSetError: assume role with MFA enabled, but AssumeRoleTokenProvider session option not set

[alephnull]

Description MFA is configured on my root account IAM user. I use the role_arn option in ~/.aws/config to assume a role in a subaccount which has a trust relationship with the root account. After signing in to AWS for CLI use,

Steps to reproduce the issue:

1. Sign in to AWS for CLIv2
2. docker context use myecs

Describe the results you received: All subsequent docker commands fail with AssumeRoleTokenProviderNotSetError: assume role with MFA enabled, but AssumeRoleTokenProvider session option not set

Describe the results you expected: Expected to use the docker compose CLI as advertised.

Additional information you deem important (e.g. issue happens only occasionally): The problem can be worked around by,

unset AWS_PROFILE
export AWS_REGION=<region>

Output of docker-compose --version:

Docker version 20.10.23, build 7155243

Output of docker version:

Client: Docker Engine - Community
 Cloud integration: v1.0.30
 Version:           20.10.23
 API version:       1.41
 Go version:        go1.18.10
 Git commit:        7155243
 Built:             Thu Jan 19 17:45:08 2023
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.23
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.10
  Git commit:       6051f14
  Built:            Thu Jan 19 17:42:57 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.15
  GitCommit:        5b842e528e99d4d4c1686467debf2bd4b88ecd86
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Output of docker context inspect:

$ docker context inspect de-prod-euc1
[
    {
        "Name": "de-prod-euc1",
        "Metadata": {
            "Description": "credentials read from environment",
            "Type": "ecs"
        },
        "Endpoints": {
            "docker": {
                "SkipTLSVerify": false
            },
            "ecs": {
                "CredentialsFromEnv": true
            }
        },
        "TLSMaterial": {},
        "Storage": {
            "MetadataPath": "/home/alok/.docker/contexts/meta/18233f528a6c61062ec86740a0d7f6ba2ec67316a5bbf00d3a605fae57a65261",
            "TLSPath": "/home/alok/.docker/contexts/tls/18233f528a6c61062ec86740a0d7f6ba2ec67316a5bbf00d3a605fae57a65261"
        }
    }
]

Output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.10.0-docker)
  scan: Docker Scan (Docker Inc., v0.23.0)

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 129
 Server Version: 20.10.23
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.0-60-generic
 Operating System: Ubuntu 22.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.51GiB
 Name: gauss
 ID: UOQJ:72SZ:ONUI:MCHL:N3I7:AI5F:425N:NCJ2:OW66:6B45:PJUI:YRAJ
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: alephnull
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional environment details (AWS ECS, Azure ACI, local, etc.): AWS ECS.