0

My issue is AWS boto3 package, authorization, python.

Referencing to https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html section: "Configuring credentials" the aws credentials for boto3 instance can be sought from from "4. Shared credential file (~/.aws/credentials)"

To proof the ~/.aws/credentials are valid and sufficient I am using aws cli (secretsmanager: create-secret, get-secret-value calls). The response/results are OK.

Not so the boto3 instance in python code (using client.get_secret_value).

Expected: error free response

Actualy:

botocore.exceptions.ClientError: An error occurred
(UnrecognizedClientException) when calling the GetSecretValue
 operation: The security token included in the request is invalid.

Any hint appreciated, thnx.

harry hartmann
  • 351
  • 1
  • 9
  • Make sure you are using an updated version of boto3. I've seen some shenanigans with versions older than 1.18. – DeepSpace Dec 14 '22 at 15:49
  • using: name = "boto3" version = "1.26.28" – harry hartmann Dec 14 '22 at 16:06
  • you have to pass profile if you are using other than default profile. https://stackoverflow.com/a/58431571/6285054 if you are running locally or some server. – Avinash Dalvi Dec 14 '22 at 16:12
  • 2
    Please add your `client` or `session` initialisation code to the question. – fedonev Dec 14 '22 at 16:13
  • Debug print of the results of STS [get_caller_identity](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts.html#STS.Client.get_caller_identity) will clarify the credentials actually being used. – jarmod Dec 14 '22 at 16:54
  • Also consider enabling [boto debug logging](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/boto3.html) to see what's actually happening. – jarmod Dec 14 '22 at 16:59
  • thank you for suggestions, in my case the problem was env values used in IDE context, shadowing the incoming default values from .aws/credentials. Problem solved. – harry hartmann Dec 14 '22 at 18:54
  • Did you use `boto3.Session` class to create a session and specify the credentials to use when creating the client, rather than relying on the shared credentials file? – Abdullah Ilgaz Dec 14 '22 at 23:51
  • Harry, great to hear you got it solved! Please add an Answer to help future readers. (Yes, you can answer your own Questions.) – John Rotenstein Dec 15 '22 at 04:11

1 Answers1

0

The problem's cause and solution: I forgot to check my IDE interpreter env setup which overrode the user's os env when code is executed by IDE.

jarmod
  • 71,565
  • 16
  • 115
  • 122
harry hartmann
  • 351
  • 1
  • 9