UnrecognizedClientException","errorMessage":"The security token included in the request is invalid when testing lambda function locally

Question

I am trying to use aws sam to invoke my lambda function locally for testing. The function reads an item from a dynamodb table. I have spin up a local dynamodb container where the desired table is created.

Ran below commands to create a local dynamodb container.

1. docker network create lambda-local
2. docker run —-network=lambda-local —-name users -d -p 8000:8000 amazon/dynamodb-local
3. aws dynamodb create-table --table-name employees --attribute-definitions AttributeName=name,AttributeType=S --key-schema AttributeName=name,KeyType=HASH --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 --endpoint-url=http://127.0.0.1:8000

Then using below command I am able to verify that all is working fine as far as local dynamodb is concerned.

1. aws dynamodb list-tables --endpoint-url http://localhsot:8000

But then, when I try to run the below command, I get an error.

sam local invoke <lambdaFunctionName> --docker-network lambda-local

The error I get -

START RequestId: 043b493d-8457-43f1-8eeb-dc641ac3816f Version: $LATEST
2021-10-27T08:17:00.778Z        043b493d-8457-43f1-8eeb-dc641ac3816f    ERROR   Invoke Error    
{"errorType":"UnrecognizedClientException","errorMessage":"The security token included in the request is invalid",
"code":"UnrecognizedClientException","message":"The security token included in the request is invalid","time":"2021-10-27T08:17:00.775Z","requestId":"NG2U0AEVI320VL5PLPTK8H3G63VV4KQNSO5AEMVJF66Q9ASUAAJG","statusCode":400,"retryable":false,"retryDelay":46.55385931289337,"stack":["UnrecognizedClientException: The security token included in the request is invalid","    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:52:27)","    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)","    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)","    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)","    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)","    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)","    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10","    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)","    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)","    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)"]}
END RequestId: 043b493d-8457-43f1-8eeb-dc641ac3816f

What am I missing here ? Are there any other steps required to invoke a lambda function locally using sam and connect it to a locally running dynamodb container ?

lambda code

var AWS = require('aws-sdk');
AWS.config.update({region: 'us-east-1'});

exports.lambdaHandler = async (event, context) => {
    const dynamoDB = new AWS.DynamoDB.DocumentClient();
    const params = {
        TableName: 'employees',
        Key: {
            name: "naxi"
        }
    };

    const result = await dynamoDB.get(params).promise();
    if (result.Item) {
        return result.Item;
    } else {
        return { error: 'Task not found.' };
    }
};

Answer 1

You need to have the access and secret key configured along with the region in your local machine using the AWS CLI. This error is raised because of either not having correct access and secret keys or not having it configured.

Refer the below link for reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html