
I am trying to assume an IAM role using aws-sdk as so...

var AWS = require('aws-sdk');

var sts = new AWS.STS();
sts.assumeRole({
  RoleArn: 'arn:aws:iam::xxxxxx:root',
  RoleSessionName: 'awssdk'
}, function(err, data) {
  if (err) { // an error occurred
    console.log('Cannot assume role');
    console.log(err, err.stack);
  } else { // successful response
    // Switch the SDK's global config to the temporary role credentials
    AWS.config.update({
      accessKeyId: data.Credentials.AccessKeyId,
      secretAccessKey: data.Credentials.SecretAccessKey,
      sessionToken: data.Credentials.SessionToken
    });
  }
});

But I keep getting...

InvalidClientTokenId: The security token included in the request is invalid

However, I can connect if I just use the following...

AWS.config.update({ accessKeyId: process.env.ID, secretAccessKey: process.env.SECRET });

Any reason why I cannot assume a role?

buydadip
  • Hello, did you find a solution? I have completely the same problem. I try to assume a role from a Lambda function (to simulate it locally). => In my case it's an IAM role, not a root.... – Stefan Volkmer Jan 20 '21 at 21:53
  • Same here, did you find a solution? The ARN I'm using has the right format and it is a valid role ARN – leshugo33 Jun 07 '22 at 19:56

1 Answer


The following

RoleArn: 'arn:aws:iam::xxxxxx:root',

is not an IAM role. It seems you are trying to assume the IAM root user. The correct ARN of a role has the form

arn:aws:iam::account-id:role/role-name-with-path
istrupin
Marcin
  • I have an IAM role (a role which is also used in a Lambda function). I try to assumeRole to simulate the Lambda locally (incl. the role permissions), but I get an InvalidClientTokenId: The security token included in the request is invalid too. – Stefan Volkmer Jan 20 '21 at 21:55
  • @StefanVolkmer You could make a new question about it, with the relevant details. – Marcin Jan 20 '21 at 22:15
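
A pre-flight check for the role ARN form given in the answer above, as an added example that is not part of the original question or answer. The function names `checkRoleArn` and `assumeRoleChecked`, the account ID and the role names are assumptions made for illustration; the check only catches a malformed or wrong-type `RoleArn` and says nothing about whether the base credentials are valid.

```javascript
// Added example: validate the RoleArn before handing it to sts.assumeRole.
// Account ID 123456789012 and the role names used with it are constructed samples.
const PARTITIONS = new Set(['aws', 'aws-cn', 'aws-us-gov']);

function checkRoleArn(arn) {
  // arn:partition:service:region:account-id:resource
  const [prefix, partition, service, region, account, ...rest] = String(arn).split(':');
  const resource = rest.join(':');
  if (prefix !== 'arn' || rest.length === 0) {
    return { ok: false, reason: 'not an ARN (expected arn:partition:service:region:account:resource)' };
  }
  if (!PARTITIONS.has(partition)) {
    return { ok: false, reason: `unknown partition "${partition}"` };
  }
  if (!/^\d{12}$/.test(account)) {
    return { ok: false, reason: 'account ID must be 12 digits' };
  }
  if (service === 'sts' && resource.startsWith('assumed-role/')) {
    return { ok: false, reason: 'this is an assumed-role session ARN, not the role itself' };
  }
  if (service !== 'iam' || region !== '') {
    return { ok: false, reason: 'role ARNs use service "iam" with an empty region' };
  }
  if (resource === 'root') {
    return { ok: false, reason: 'this is the account root principal, not a role' };
  }
  // role/<optional/path/>role-name; the name is 1-64 chars of [A-Za-z0-9_+=,.@-]
  const m = /^role\/((?:[\x21-\x7e]+\/)*)([\w+=,.@-]{1,64})$/.exec(resource);
  if (!m) {
    return { ok: false, reason: `resource "${resource}" is not role/<path/>name` };
  }
  return { ok: true, account, path: '/' + m[1], roleName: m[2] };
}

// Call STS only once the ARN is well-formed; `sts` is an AWS.STS instance.
function assumeRoleChecked(sts, roleArn, sessionName, callback) {
  const check = checkRoleArn(roleArn);
  if (!check.ok) {
    return callback(new Error(`Refusing to call AssumeRole: ${check.reason}`));
  }
  sts.assumeRole({ RoleArn: roleArn, RoleSessionName: sessionName }, callback);
}
```
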