Doesn'taskMFAtokencodewhenusingassume_rolewithMFArequired

$ terraform --version

Terraform v0.11.0

hcl

terraform {

  backend "s3" {

    bucket &＃061; "terraform-state-bucket"

    key &＃061; "tf-state"

    region &＃061; "eu-west-1"

    role_arn &＃061; "arn:aws:iam::916005212345:role/OrganizationAccountAccessRole"

  }

}

provider "aws" {

  region &＃061; "eu-west-1"

  assume_role {

    role_arn &＃061; "arn:aws:iam::916005212345:role/OrganizationAccountAccessRole"

    session_name &＃061; "terraform-session"

  }

}

$ TF_LOG&＃061;debug terraform init

2017/11/23 13:36:12 [INFO] Terraform version: 0.11.0  

2017/11/23 13:36:12 [INFO] Go runtime version: go1.9.2

2017/11/23 13:36:12 [INFO] CLI args: []string{"/usr/local/Cellar/terraform/0.11.0/bin/terraform", "init"}

2017/11/23 13:36:12 [DEBUG] Attempting to open CLI config file: /Users/***/.terraformrc

2017/11/23 13:36:12 [DEBUG] File doesn&＃039;t exist, but doesn&＃039;t need to. Ignoring.

2017/11/23 13:36:12 [INFO] CLI command args: []string{"init"}

2017/11/23 13:36:12 [DEBUG] command: loading backend config file: /Users/***



Initializing the backend...

2017/11/23 13:36:12 [WARN] command: backend config change! saved: 16375281725947963338, new: 2383462577283113429

Backend configuration changed!



Terraform has detected that the configuration specified for the backend

has changed. Terraform will now reconfigure for this backend. If you didn&＃039;t

intend to reconfigure your backend please undo any changes to the "backend"

section in your Terraform configuration.





2017/11/23 13:36:12 [INFO] Building AWS region structure

2017/11/23 13:36:12 [INFO] Building AWS auth structure

2017/11/23 13:36:12 [INFO] Setting AWS metadata API timeout to 100ms

2017/11/23 13:36:13 [INFO] Ignoring AWS metadata API endpoint at default location as it doesn&＃039;t return any instance-id

2017/11/23 13:36:13 [INFO] Attempting to AssumeRole arn:aws:iam::***:role/OrganizationAccountAccessRole (SessionName: "", ExternalId: "", Policy: "")

2017/11/23 13:36:13 [INFO] AWS Auth provider used: "SharedCredentialsProvider"

2017/11/23 13:36:13 [DEBUG] plugin: waiting for all plugin processes to complete...

Error initializing new backend:

Error configuring the backend "s3": The role "arn:aws:iam::***:role/OrganizationAccountAccessRole" cannot be assumed.



  There are a number of possible causes of this - the most common are:

    * The credentials used in order to assume the role are invalid

    * The credentials do not have appropriate permission to assume the role

    * The role ARN is not valid



Please update the configuration in your Terraform files to fix this error

then run this command again.