[英]Terraform, AWS and STS The security token included in the request is invalid
I'm trying to use terraform to initiate connections with AWS to create infra.我正在尝试使用 terraform 来启动与 AWS 的连接以创建基础设施。 If I run up aws configure sso, i can log in default to eu-west-2 and move around the estate I then use terraform apply, with the aws part as follows:
如果我运行 aws configure sso,我可以默认登录到 eu-west-2 并在庄园周围移动,然后使用 terraform 应用,aws 部分如下:
provider "aws" {
region = "eu-west-2"
shared_credentials_file = "~/.aws/credentials"
profile = "450694575897_ProdPS-SuperUsers"
}
Terraform reports: Error: error using credentials to get account ID: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. Terraform 报告:错误:错误使用凭据获取帐户 ID:错误调用 sts:GetCallerIdentity: InvalidClientTokenId:请求中包含的安全令牌无效。 │ status code: 403, request id: 5b8be53d-253d-4c48-8568-ad78be14115f
│ 状态码:403,请求id:5b8be53d-253d-4c48-8568-ad78be14115f
The following vars are set:设置了以下变量:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
If I run如果我跑
aws sts get-session-token --region=us-west-2
I get我明白了
An error occurred (InvalidClientTokenId) when calling the GetSessionToken operation: The security token included in the request is invalid.
I was having the same problem when i tried to deploy through
terraform cloud
.当我尝试通过
terraform cloud
进行部署时,我遇到了同样的问题。
You might be using an old key
that is either deleted
or inactive
, to be sure:您可能正在使用
deleted
或inactive
的old key
,以确保:
1- Try to go to the security credentials on your account page: Click on your name in the top right corner -> My security credentials
. 1- 尝试转到您帐户页面上的安全凭证:单击右上角的您的姓名 ->
My security credentials
。
2- Check if the key you set in your credentials is deleted or still exists. 2- 检查您在凭据中设置的密钥是否已删除或仍然存在。
2.2- if it's deleted create a new key and use it. 2.2- 如果它被删除,创建一个新密钥并使用它。
3- If your key is still there, check if it is active
. 3- 如果您的钥匙还在,请检查它是否
active
。
I solved the issue doing the following:我解决了以下问题:
$: aws configure
enter the access key:
enter the secret key:
select default region:
select default format[none/json]:
In your main.tf file add the profile shown as below在您的 main.tf 文件中添加如下所示的配置文件
provider "aws" {
region = "eu-west-2"
profile="xxxuuzzz"
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.