6

Hi, I am unable to run this command: `aws sts get-caller-identity`.

When I do `sudo nano ~/.aws/credentials` I can only locate this:

```
[default]
aws_access_key_id = my_id
aws_secret_access_key = my_secret_id
```

After successfully going through the steps of the `aws configure` command, when I run `aws sts get-caller-identity` I get this error:

```
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.
```

Any reason which could cause this?

pie
  • Looks like you are missing `aws_session_token`? – Paolo Dec 08 '21 at 14:40
  • @Paolo can't I do without a session token? My teammates are doing it without a token and that's working fine, but there is an issue on my side – pie Dec 08 '21 at 14:48
  • @pie are you using credentials of an IAM user? Otherwise, if those credentials are from an SSO user or were generated using `sts assume-role`, then the `aws_session_token` is required – OARP Dec 08 '21 at 15:29
  • @OmarRosadio yes using credentials of an IAM user. – pie Dec 08 '21 at 15:30
  • Ok, and you have only configured credentials in /.aws/credentials? Can you check env vars? Because env vars take priority over the credentials config file. So if a previous configuration in env vars was incorrect, it still causes a conflict – OARP Dec 08 '21 at 15:33
  • @OmarRosadio I checked my env vars using `printenv` and there are 2 keys, `AWS_SECRET_ACCESS_KEY` and `AWS_ACCESS_KEY_ID`, that exist with different values. Is that causing the issue? But there is no session variable. How can I delete or replace these? – pie Dec 08 '21 at 15:38
  • In Linux use the 'printenv' command to list all env vars. If the variables "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN" are present, you need to unset them using the 'unset' command: "unset AWS_SECRET_ACCESS_KEY AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN" – OARP Dec 08 '21 at 15:38
  • Those previously configured values can be causing the issue if they were misconfigured. Try removing them using the 'unset' command – OARP Dec 08 '21 at 15:40
  • @OmarRosadio sir, after unsetting I am getting this error: `Partial credentials found in env, missing: AWS_SECRET_ACCESS_KEY` – pie Dec 08 '21 at 15:46
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/239951/discussion-between-omar-rosadio-and-pie). – OARP Dec 08 '21 at 15:47

2 Answers

7

Sometimes this kind of issue is caused by another credential configuration.

Environment variable credential configuration takes priority over the credentials config file. So if the environment variables "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY" or "AWS_SESSION_TOKEN" are present, they could cause issues if they were misconfigured or have expired.

Try checking the env vars associated with AWS credentials and removing them using the 'unset' command in Linux.

Additionally, to remove env vars permanently you need to remove the related lines from configuration files like:

  • /etc/environment
  • /etc/profile
  • ~/.profile
  • ~/.bashrc

Reference:

Configuration settings and precedence

OARP
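
The checks described in the answer above, as an added shell example that is not part of the original post: it reports whether environment variables override the credentials file, flags the partial state that produces `Partial credentials found in env`, and lists startup-file lines that would bring the variables back after `unset`. The function names are hypothetical, and it assumes an INI-style credentials file like the one in the question.

```shell
#!/bin/sh
# Added example: find out which AWS credential source is in effect.

# Print the access key id stored for a profile in a credentials file.
# $1 = credentials file path, $2 = profile name (default: "default")
file_key_id() {
    awk -v want="[${2:-default}]" '
        /^\[/ { in_profile = ($0 == want) }
        in_profile && /^aws_access_key_id[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); print; exit
        }' "$1" 2>/dev/null
}

# Classify the environment relative to the credentials file in $1:
# none | partial | env-overrides-file | env-matches-file
aws_env_status() {
    if [ -z "${AWS_ACCESS_KEY_ID:-}" ] && [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo none                # the credentials file is used
    elif [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo partial             # only one of the pair is set
    elif [ "$AWS_ACCESS_KEY_ID" != "$(file_key_id "$1")" ]; then
        echo env-overrides-file  # env holds a different key; the file is ignored
    else
        echo env-matches-file
    fi
}

# List startup-file lines that would re-create the variables after `unset`.
# Arguments: files to scan (defaults to the four named in the answer).
# Values are redacted so secrets do not end up in terminal scrollback.
find_persistent_exports() {
    [ "$#" -gt 0 ] || set -- /etc/environment /etc/profile ~/.profile ~/.bashrc
    grep -HnE '^[[:space:]]*(export[[:space:]]+)?AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)=' \
        "$@" 2>/dev/null | sed -E 's/=.*/=<redacted>/'
}

# Clear all three variables together so no partial set is left behind.
clear_aws_env() {
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}
```

Source the file into the current shell before calling `clear_aws_env`, since `unset` in a child process does not affect the parent shell.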
1

I had my default region disabled by default (eu-south-1), so I had to enable it via the Web console first, then it worked.

Denis Zhbankov