I am using Terraform & kubectl to deploy infrastructure and application.
Since I changed aws configure:
terraform init
terraform apply
I always got:
terraform apply
Error: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
status code: 403, request id: 5ba38c31-d39a-11e9-a642-21e0b5cf5c0e
on providers.tf line 1, in provider "aws":
1: provider "aws" {
Can you advise? Appreciate!
From here.
This is a general error that can be caused by a few reasons.
Some examples:
1) Invalid credentials passed as environment variables or in ~/.aws/credentials.
Solution: Remove old profiles / credentials and clean all your environment vars:
for var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SECURITY_TOKEN ; do eval unset $var ; done
2) When your aws_secret_access_key contains characters like the plus-sign + or multiple forward-slash /. See more in here.
Solution: Delete credentials and generate new ones.
3) When you try to execute Terraform inside a region which must be explicitly enabled (and wasn't).
(In my case it was me-south-1 (Bahrain) - See more in here).
Solution: Enable region or move to an enabled one.
4) In cases where you work with 3rd party tools like Vault and don't supply valid AWS credentials to communicate with - See more in here.
All will lead to a failure of aws sts:GetCallerIdentity API.
I got the same invalid token error after adding an S3 Terraform backend.
It was because I was missing a profile attribute on the new backend.
This was my setup when I got the invalid token error:
# ~/.aws/credentials
[default]
aws_access_key_id = OJA6...
aws_secret_access_key = r2a7...
[my_profile_name]
aws_access_key_id=RX9T...
aws_secret_access_key=oaQy...
// main.tf
terraform {
  backend "s3" {
    bucket         = "terraform-state"
    encrypt        = true
    key            = "terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-state-locks"
  }
}
And this was the fix that worked (showing a diff, I added the line with "+" at the beginning):
// main.tf
terraform {
backend "s3" {
bucket = "terraform-state"
// ...
+ profile = "my_profile_name"
}
}
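Review bot: the added profile = "my_profile_name" line hard-codes a profile name from one machine's ~/.aws/credentials into main.tf, so terraform init now depends on every user and CI runner having a profile with that exact name. Consider keeping it out of the file and supplying it at init time instead, for example terraform init -backend-config="profile=my_profile_name".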
None of the guides or videos I read or watched included the profile attribute. But it's explained in the Terraform documentation, here:
In my case, it turned out that I had the environment variables AWS_ACCESS_KEY_ID, AWS_DEFAULT_REGION and AWS_SECRET_ACCESS_KEY set. This circumvented my ~/.aws/credentials file. Simply unsetting these environment variables worked for me!
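The environment-variable and profile answers above both come down to which credential source the shell actually selects. As an added example (not code from any of the answers), this script reports that source without printing key material; cred_source, profile_exists and check are hypothetical helper names, the sample file is constructed, and it assumes the default order in which exported keys are tried before ~/.aws/credentials.

```shell
#!/bin/sh
# Added example, not code from the answers. Helper names are hypothetical.
# Assumes exported access keys are tried before the shared credentials file.
# Only source labels and profile names are printed, never key material.

# profile_exists FILE NAME: succeeds if FILE has a line that is exactly [NAME].
profile_exists() {
    [ -f "$1" ] && grep -qxF "[$2]" "$1"
}

# cred_source: print which credential source the current environment selects.
cred_source() {
    file="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
    profile="${AWS_PROFILE:-default}"
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        # Exported keys shadow the file; a leftover session token rides along.
        if [ -n "${AWS_SESSION_TOKEN:-}${AWS_SECURITY_TOKEN:-}" ]; then
            echo "env+token"
        else
            echo "env"
        fi
    elif profile_exists "$file" "$profile"; then
        echo "file:$profile"
    else
        echo "missing:$profile"   # the selected profile is not in the file
    fi
}

# Constructed sample credentials file (placeholder values, not real keys).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[default]
aws_access_key_id = EXAMPLEKEYID
aws_secret_access_key = EXAMPLESECRET
[my_profile_name]
aws_access_key_id = EXAMPLEKEYID2
aws_secret_access_key = EXAMPLESECRET2
EOF

# check [VAR=value ...]: run cred_source in a subshell with a clean AWS_* set.
check() (
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SECURITY_TOKEN AWS_PROFILE
    AWS_SHARED_CREDENTIALS_FILE=$sample; export AWS_SHARED_CREDENTIALS_FILE
    [ -z "$1" ] || export "$@"
    cred_source
)
echo "AWS_PROFILE set:    $(check AWS_PROFILE=my_profile_name)"
echo "stale exported key: $(check AWS_ACCESS_KEY_ID=OLD AWS_SECRET_ACCESS_KEY=OLD)"
```

Calling cred_source directly in the shell that runs terraform shows whether a forgotten export or a mistyped AWS_PROFILE is in play before sts:GetCallerIdentity is attempted.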
My issue was related to the VS Code Debug Console: the AWS_PROFILE and AWS_REGION environment variables were not loaded. To solve that, I closed VS Code and reopened it through the CLI using the command code <project-folder>.
I used aws configure and provided my keys as shown below.
But I still got the invalid token error.
Answer
I cleaned everything from ~/.aws/credentials and then ran aws configure again and provided my keys.
It worked for me. Try it too.