How can I resolve the error The security token included in the request is invalid when running aws iam upload-server-certificate

Question

I cd into the directory where all the pem key files are and run the following   aws iam upload-server-certificate      --server-certificate-name certificate name      --certificate-body file   webservercertificate pem       --private-key file   server key        --certificate-chain file   certificate chain file pem    I get the following error       A client error  InvalidClientTokenId  occurred when calling the   UploadServerCertificate operation  The security token included in the   request is invalid    I have 1  user  in  users   That user has been assigned the following permissions   IAMFullAccess IAMReadOnlyAccess IAMUserSSHKeys   I ve downloaded the credentials for this user and put them into my user variables  AWS ACCESS KEY      AWS SECRET KEY        I have 1 role on my elastic beanstalk  aws-elasticbeanstalk-ec2-role

User · Answer

This can also happen when you disabled MFA. There will be an old long term entry in the AWS credentials.

Edit the file manually with editor of choice, here using vi (please backup before):

vi ~/.aws/credentials

Then remove the [default-long-term] section. As result in a minimal setup there should be one section [default] left with the actual credentials.

[default-long-term]
aws_access_key_id = ...
aws_secret_access_key = ...
aws_mfa_device = ...

User · Answer

Click on your username in the top nav  My Security Credentials Click on Access Key Tab  Create New  copy the key and secret  From the terminal run   aws configure and use the new key and secret  Run the command again   serverless invoke local --function create --path mocks create-event json

User · Answer

I had to specify the AWS profile to use --profile default explicitly to get rid of this error while running AWS CLI commands  I could not understand though that why it did not pick up this profile automatically as there was only  dafault  profile present in my aws config and credentials file   I hope this helps   Cheers  Kunal

User · Answer

If switching from using temporary IAM role credentials to using IAM user credentials  don t forget to ensure AWS SESSION TOKEN  which is only used for temporary credentials  no longer has a value  unset AWS SESSION TOKEN   unset the environment variable

User · Answer

If you re using the CLI with MFA  you have to set the session token in addition to setting the access and secret keys  Please refer to this article  https   aws amazon com premiumsupport knowledge-center authenticate-mfa-cli

User · Answer

In my situation  the problem was due to running powershell as an admin  so it was looking for the aws credentials in the root of my admin user  There s probably a better way to resolve this  but what worked quickly for me was recreating my  aws folder in the root of my admin user

User · Answer

Try to go to the security credentials on your account page  Click on your name in the top right corner -  My security credentials  Then generate access keys over there and use those access keys in your credentials file  aws configure

User · Answer

Try to export the correct profile i e    export AWS PROFILE  default   If you only have a default profile make sure the keys are correct and rerun aws configure

User · Answer

This happened to me when using java sdk  The problem was for me was i wasnt using the session token from assumed role   Working code example   in kotlin            val identityUserPoolProviderClient   AWSCognitoIdentityProviderClientBuilder              standard                withCredentials AWSStaticCredentialsProvider BasicSessionCredentials  accessKeyId     secretAccessKey   sessionToken                  build

User · Answer

If you have been given a Session Token also  then you need to manually set it after configure   aws configure set aws session token   lt  lt your session token gt  gt

User · Answer

I had the same error  even after re-running aws configure  and inputting a new AWS ACESS KEY ID and AWS SECRET ACCESS KEY  What fixed it for me was to delete my    aws credentials file and re-run aws configure  It seems that my    aws credentials file had an additional value  aws session token which was causing the error  After deleting and re-creating the    aws configure using the command aws configure  there is now only values for aws access key id and aws secret access key

User · Answer

You are somehow using wrong AWS Credentials  AccessKey and SecretKey  of AWS Account  So make sure they are correct else you need to create new and use them - in that case may be  Prakash answer is good for you

User · Answer

I had the same error but was caused by a different issue   The credentials were changed on AWS but I was still using a cached MFA session token for the config profile    There is a cache file for each profile under    aws cli cache  containing the session token   Remove the cache file  reissue the command and enter a new MFA token and its good to go

User · Answer

I had similar issue when I was deploying my django application over elastic Beanstalk and what I found is when I was trying various methods somehow one eb-cli profile got created in config file in    aws  folder so once I got rid of that everything worked fine

User · Answer

I was able to use AWS cli fully authenticated  so for me the issue was within terraform for sure  I tried all the steps above with no success  A reboot fixed it for me  there must be some a cache somewhere in terraform that was causing this issue

User · Answer

This is weird  but in my case whenever I wanted to retype the access id and the key by typing aws configure  Adding the id access end up always with a mess in the access id entry in the file located     aws credentials see the picture    I have removed this mess and left only the access id  And the error resolved

User · Answer

I thought you could avoid it by just passing the --no-sign-request param  like so     aws --region us-west-2 --no-sign-request --endpoint-url http   192 168 99 100 4572    s3 mb s3   mytestbucket

User · Answer

In my case  there were two different  AWS SECRET ACCESS KEY  and  AWS ACCESS KEY ID  values set one through the Windows environment variable and one through the command line   So  update these two and the default region using a command line   gt  aws configure   Press enter and follow the steps to fill the correct AWS ACESS KEY ID AWS SECRET ACCESS KEY and AWS DEFAULT REGION   gt  aws sts get-caller-identity   should return the new set credentials

[amazon-web-services] How can I resolve the error "The security token included in the request is invalid" when running aws iam upload-server-certificate?

Examples related to amazon-web-services

Examples related to amazon-iam

Examples related to aws-cli