Terraform、AWS 和 STS 请求中包含的安全令牌无效

Question

I'm trying to use terraform to initiate connections with AWS to create infra. If I run up aws configure sso, i can log in default to eu-west-2 and move around the estate I then use terraform apply, with the aws part as follows:

provider "aws" {
  region = "eu-west-2"
  shared_credentials_file = "~/.aws/credentials"
  profile = "450694575897_ProdPS-SuperUsers"
}

Terraform reports: Error: error using credentials to get account ID: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. │ status code: 403, request id: 5b8be53d-253d-4c48-8568-ad78be14115f

The following vars are set:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY

If I run

aws sts get-session-token --region=us-west-2 

I get

An error occurred (InvalidClientTokenId) when calling the GetSessionToken operation: The security token included in the request is invalid.

Answer 1

I was having the same problem when i tried to deploy through terraform cloud .

You might be using an old key that is either deleted or inactive , to be sure:

1- Try to go to the security credentials on your account page: Click on your name in the top right corner -> My security credentials .

2- Check if the key you set in your credentials is deleted or still exists.

2.2- if it's deleted create a new key and use it.

3- If your key is still there, check if it is active .

Answer 2

I solved the issue doing the following:

$: aws configure
enter the access key:
enter the secret key:
select default region:
select default format[none/json]:

In your main.tf file add the profile shown as below

provider "aws" {
  region  = "eu-west-2"
  profile="xxxuuzzz"

}