Improve error messages

plugins/aws/access_key_test.go

@@ -620,7 +620,7 @@ func TestResolveLocalAnd1PasswordConfigurations(t *testing.T) {
 				ProfileName: "dev",
 				MfaSerial:   "arn:aws:iam::123456789012:mfa/user",
 			},
-			err: fmt.Errorf("MFA failed: the selected profile requires an OTP because an MFA serial (arn:aws:iam::123456789012:mfa/user) was detected but no 'One-Time Password' field was found in the associated item"),
+			err: fmt.Errorf("MFA failed: an MFA serial (arn:aws:iam::123456789012:mfa/user) was detected on the associated item for the selected profile, but no 'One-Time Password' field was found. Add an OTP to your item to use multi-factor authentication"),
 		},
 		{
 			description: "has region only in 1Password",

plugins/aws/sts_provisioner.go

@@ -243,7 +243,7 @@ func resolveLocalAnd1PasswordConfigurations(itemFields map[sdk.FieldName]string,
 	}
 
 	if awsConfig.HasMfaSerial() && awsConfig.MfaToken == "" {
-		return fmt.Errorf("MFA failed: the selected profile requires an OTP because an MFA serial (%s) was detected but no 'One-Time Password' field was found in the associated item", awsConfig.MfaSerial)
+		return fmt.Errorf("MFA failed: an MFA serial (%s) was detected on the associated item for the selected profile, but no 'One-Time Password' field was found. Add an OTP to your item to use multi-factor authentication", awsConfig.MfaSerial)
 	}
 
 	if hasRegion && awsConfig.Region != "" && region != awsConfig.Region {
@@ -374,7 +374,7 @@ func DetectSourceProfileLoop(profile string, config *confighelpers.ConfigFile) e
 
 		profileSection, ok := config.ProfileSection(sourceProfile)
 		if !ok {
-			return fmt.Errorf("source profile %s does not exist in the config file", sourceProfile)
+			return fmt.Errorf("source profile %s does not exist in your AWS config file", sourceProfile)
 		}
 
 		sourceProfile = profileSection.SourceProfile