When aws-vault assumes a role, it doesn't cache the role credential. So if the assume requires MFA, every subsequent use of the role prompts for the MFA.
debug output (redacted):
$ aws-vault exec testaccount_prod --debug --duration=8h
2020/04/06 03:14:35 aws-vault v5.3.2
2020/04/06 03:14:35 [keyring] Considering backends: [keychain pass file]
2020/04/06 03:14:35 Loading config file /Users/test/.aws/config
2020/04/06 03:14:35 Parsing config file /Users/test/.aws/config
2020/04/06 03:14:35 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2020/04/06 03:14:35 [keyring] Found 1 results
2020/04/06 03:14:35 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2020/04/06 03:14:35 [keyring] Found 1 results
2020/04/06 03:14:35 profile testaccount: using stored credentials
2020/04/06 03:14:35 profile testaccount: skipping GetSessionToken because duration 8h0m0s in profile 'testaccount_prod' is greater than the AWS maximum 1h0m0s for chaining MFA
2020/04/06 03:14:35 profile testaccount_prod: using AssumeRole (with MFA)
Enter token for arn:aws:iam::xxxxxx:mfa/test: 123456
2020/04/06 03:14:44 Looking up keyring for 'testaccount'
2020/04/06 03:14:44 [keyring] Querying keychain for service="aws-vault", account="testaccount", keychain="aws-vault.keychain"
2020/04/06 03:14:47 [keyring] Found item "aws-vault (testaccount)"
2020/04/06 03:14:48 Generated credentials ****************Z55Y using AssumeRole, expires in 8h0m0.403737s
2020/04/06 03:14:48 Setting subprocess env: AWS_DEFAULT_REGION=eu-west-1, AWS_REGION=eu-west-1
2020/04/06 03:14:48 Setting subprocess env: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
2020/04/06 03:14:48 Setting subprocess env: AWS_SESSION_TOKEN, AWS_SECURITY_TOKEN
2020/04/06 03:14:48 Setting subprocess env: AWS_SESSION_EXPIRATION
config (redacted):
[default]
region=eu-west-1
output=json
[profile testaccount]
mfa_serial = arn:aws:iam::xxxxx:mfa/test
duration_seconds = 28800
[profile testaccount_prod]
source_profile = testaccount
role_arn = arn:aws:iam::xxxxx:role/admin
mfa_serial = arn:aws:iam::xxxxx:mfa/test
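The debug line `skipping GetSessionToken because duration 8h0m0s ... is greater than the AWS maximum 1h0m0s for chaining MFA` is the security-relevant detail here: the MFA-backed session token (the thing aws-vault caches) can only be chained into an AssumeRole of at most one hour, so a longer requested duration makes aws-vault call AssumeRole with MFA directly every time. The following is an added configuration check, not aws-vault's own code and not part of the report; it models that rule as stated by the debug line, parses a constructed copy of the redacted config above, and flags role profiles whose effective duration (a `duration_seconds` key or a `--duration` override, both assumed to be the only inputs) exceeds 3600 seconds.

```python
"""Flag aws-vault role profiles whose requested duration defeats MFA session caching.

Constructed example modelled on the 'skipping GetSessionToken' debug line in the
report above; it is not aws-vault's own logic. Assumption: when a role profile uses
MFA and the requested duration exceeds 3600 s, the cached session token cannot be
chained and AssumeRole is called with MFA on every invocation.
"""
import configparser
import io

# Limit quoted by the debug output: session-token credentials may be chained into
# an AssumeRole of at most one hour.
MAX_CHAINED_ROLE_DURATION = 3600

# Constructed copy of the redacted config from the report (ARNs kept redacted).
SAMPLE_CONFIG = """\
[default]
region=eu-west-1
output=json
[profile testaccount]
mfa_serial = arn:aws:iam::xxxxx:mfa/test
duration_seconds = 28800
[profile testaccount_prod]
source_profile = testaccount
role_arn = arn:aws:iam::xxxxx:role/admin
mfa_serial = arn:aws:iam::xxxxx:mfa/test
"""


def load_profiles(text):
    """Parse ~/.aws/config text into {profile_name: {key: value}}, dropping the 'profile ' prefix."""
    parser = configparser.ConfigParser()
    parser.read_file(io.StringIO(text))
    profiles = {}
    for section in parser.sections():
        name = section[len("profile "):] if section.startswith("profile ") else section
        profiles[name] = dict(parser[section])
    return profiles


def effective_duration(profile, cli_duration=None):
    """A --duration override wins; otherwise the profile's duration_seconds; otherwise 1h (assumed default)."""
    if cli_duration is not None:
        return cli_duration
    return int(profile.get("duration_seconds", MAX_CHAINED_ROLE_DURATION))


def check_role_profile(profiles, name, cli_duration=None):
    """Return a finding for a role profile that will re-prompt for MFA on every use, else None."""
    profile = profiles[name]
    if "role_arn" not in profile:
        return None  # not a role profile; nothing to chain
    source = profiles.get(profile.get("source_profile", ""), {})
    mfa_serial = profile.get("mfa_serial") or source.get("mfa_serial")
    if not mfa_serial:
        return None  # no MFA involved, so no cached session token to lose
    duration = effective_duration(profile, cli_duration)
    if duration > MAX_CHAINED_ROLE_DURATION:
        return (f"{name}: requested duration {duration}s exceeds "
                f"{MAX_CHAINED_ROLE_DURATION}s; GetSessionToken is skipped and "
                f"AssumeRole with {mfa_serial} runs on every use")
    return None


def lint_config(text, cli_duration=None):
    """Run the check over every profile and return the list of findings."""
    profiles = load_profiles(text)
    findings = [check_role_profile(profiles, name, cli_duration) for name in profiles]
    return [f for f in findings if f]


if __name__ == "__main__":
    # Reproduces the report: --duration=8h (28800 s) on the role profile.
    for finding in lint_config(SAMPLE_CONFIG, cli_duration=28800):
        print(finding)
    # Same config without the override stays within the chaining limit.
    print("findings without --duration:", lint_config(SAMPLE_CONFIG))
```

Run against the report's own invocation (`--duration=8h`) the check flags `testaccount_prod`; without the override the role profile defaults to one hour and nothing is flagged, which is the configuration under which the MFA-backed session token stays reusable. The `duration_seconds = 28800` on the source profile governs the cached session, not the role, so it is left alone by this check.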