Error: The security token included in the request is invalid - AWS DynamoDB

Question

The file is stored in .js script and located in AWS S3.

AWS.config.update({
  region: "us-west-2",
  //endpoint: 'dynamodb.us-west-2.amazonaws.com',
  accessKeyId: "name",
  secretAccessKey: "pass"
});

var dynamodb = new AWS.DynamoDB({apiVersion: '2012-08-10'});
var params = {
    TableName : "table_name",
    ProjectionExpression:"company, link, budget",
    KeyConditionExpression: "company = :Adidas"
};
dynamodb.query(params, function (err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

I am trying to get data from DynamoDB, but instead get this:

Error: The security token included in the request is invalid. at Request.extractError (aws-sdk.js:96980) at Request.callListeners (aws-sdk.js:98762) at Request.emit (aws-sdk.js:98736) at Request.emit (aws-sdk.js:97899) at Request.transition (aws-sdk.js:97626) at AcceptorStateMachine.runTo (aws-sdk.js:101148) at aws-sdk.js:101160 at Request. (aws-sdk.js:97642) at Request. (aws-sdk.js:97901) at Request.callListeners (aws-sdk.js:98772) "UnrecognizedClientException: The security token included in the request is invalid. at Request.extractError ( https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:96980:27 ) at Request.callListeners ( https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:98762:20 ) at Request.emit ( https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:98736:10 ) at Request.emit ( https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:97899:14 ) at Request.transition ( https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:97626:10 ) at AcceptorStateMachine.runTo ( https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:101148:12 ) at https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:101160:10 at Request. ( https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:97642:9 ) at Request. ( https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:9790 1:12 ) at Request.callListeners ( https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:98772:18 )"

How can I make this work?

Answer 1

The error message indicates a problem with credentials. Embedding credentials in local variables in a script poses a security risk. Please try to use one of the recommended methods to configure your client credentials, in decreasing order of preference:

1. AWS Identity and Access Management (IAM) roles (for example, in EC2 instance profiles or Lambda execution roles)
2. A shared credentials file (~/.aws/credentials)
3. Environment variables
4. A JSON file on disk

Answer 2

I got the same error. But in my case, it turned out that I incorrectly passed credentials. I used AWS SDK v3, but tried to do it in the AWS SDK v2 way - the API is almost the same, so I didn't check it at once.

So if you are using AWS SDK v3, you should do it the following way (if you have configured your credentials via aws configure --profile profile_name ):

let config = { region: 'us-east-1' };
if (process.env.NODE_ENV !== 'production') {
    // it is needed only for development, so a dynamic import is used
    const { fromIni } = await import('@aws-sdk/credential-provider-ini');
    config = {
        region: 'us-west-2',
        credentials: fromIni({
            profile: 'profile_name',
        }),
    };
}
const db = new DynamoDB(config)

Or an alternative way:

import { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';
const configFiles = await loadSharedConfigFiles();
const db = new DynamoDB({
    region: configFiles.configFile['profile_name'].region || 'us-east-1',
    credentials: {
        accessKeyId: configFiles.credentialsFile['profile_name'].aws_access_key_id,
        secretAccessKey: configFiles.credentialsFile['profile_name'].aws_secret_access_key,
    }
});