Credentials behaviour change vs SDK v2

[rphippswiley]

When using a Shared Configuration profile that includes mfa_serial:

In SDK v2 it seemed the priority was to attempt to use the generated credentials in ~/.aws/credentials ( in our case, previously generated by the CLI). At the very least SDK v2 did not throw due to mfa_serial being in the profile and was happy to use the previously generated credentials.

In SDK v3, the priority is to attempt to assume role with the mfa_serial, and throws due to me not supplying mfa token function. It then finishes the credentials chain without trying the credentials generated previously.

Is this the desired behaviour?

versions (if it matters much)
SDK v2 : aws-sdk@2.1303.0
SDK v3:
"@aws-sdk/client-ssm": "^3.329.0",
"@aws-sdk/node-http-handler": "^3.329.0",

I'm simply reading a parameter

with a ~/.aws/config file containing a profile with mfa_serial like so:

[profile myprofile]
region = eu-west-1
output = json
role_arn = blah
mfa_serial = blah

1. Assume Role myprofile via aws cli, and store myprofile credentials in ~/.aws/credentials

2. attempt to get a parameter from paramstore e.g.

    import { SSMClient, GetParameterCommand } from '@aws-sdk/client-ssm';
    import { NodeHttpHandler } from '@aws-sdk/node-http-handler';
    this.ssm = new SSMClient({
      apiVersion: '2014-11-06',
      region: 'eu-west-1',
      requestHandler: new NodeHttpHandler({
        connectionTimeout: 3000,
        socketTimeout: 3000,
      }),
    });
    const command = new GetParameterCommand({
      Name: 'name',
      WithDecryption: true,
    });
      const response = await this.ssm.send(command);

3. it ignores ~/.aws/credentials due to existence of mfa_serial, vs SDK2 which worked fine