Error: The security token included in the request is invalid #260
Comments
hmmm apparently fixed after running |
Aren't you missing fields in that config?
Where is the IAM account?
Where is the role you want to assume?
…--
Fernando Miguel
On Sat, 19 May 2018, 19:19 Joost Saanen, ***@***.***> wrote:
I have a problem and I cannot figure out why.
My AWS Account has an admin-user with an Administrator policy.
My ~/.aws/config contains:
```
region=eu-west-2
mfa_serial=arn:aws:iam::<id of account>:mfa/joost.saanen
```
When I do:
`aws-vault exec admin-iam -- aws iam create-user --user-name fooo`
I've got an error:
```An error occurred (InvalidClientTokenId) when calling the CreateUser operation: The security token included in the request is invalid```
Any idea what could be wrong? Thx!
|
I've encountered the same problem. It's caused by the AWS API restrictions that won't allow you to touch IAM-related APIs using the account with MFA enabled, unless you pass the MFA token within the request.
It won't use temporary credentials then. I know that's not a perfect solution, but it works ;) |
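A simplified model of the restriction described in the comment above, as an added example that is not from the thread or from aws-vault's own code. It assumes the wrapper hands out an STS GetSessionToken session by default, AssumeRole credentials when `role_arn` is set, and the stored keys when `--no-session` (the flag seen elsewhere in this thread) is used; the profile names, account id and function names are constructed.

```python
import configparser

# Constructed sample ~/.aws/config; account id, user and role names are placeholders.
SAMPLE_CONFIG = """\
[profile admin-iam]
region=eu-west-2

[profile admin-mfa]
region=eu-west-2
mfa_serial=arn:aws:iam::111111111111:mfa/example.user

[profile admin-role]
source_profile=admin-mfa
role_arn=arn:aws:iam::111111111111:role/ExampleAdmin
"""

# What each credential mode means for IAM API calls (assumed model, see lead-in).
IAM_OUTLOOK = {
    "session-without-mfa": "rejected: session token carries no MFA (the error in this issue)",
    "session-with-mfa": "allowed, subject to the user's policies",
    "assume-role": "allowed, subject to the role's policies",
    "long-lived-keys": "allowed, stored access key signs the request directly",
}

def _load(config_text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    return cp

def credential_mode(config_text, profile, no_session=False):
    """Classify the credentials a child process would receive for `profile`."""
    cp = _load(config_text)
    section = "default" if profile == "default" else f"profile {profile}"
    if not cp.has_section(section):
        raise KeyError(f"profile {profile!r} not found in config")
    opts = cp[section]
    if "role_arn" in opts:
        return "assume-role"
    if no_session:
        return "long-lived-keys"
    if opts.get("mfa_serial", "").strip():
        return "session-with-mfa"
    return "session-without-mfa"

def report(config_text, no_session=False):
    """Map every profile in the config to its credential mode."""
    names = [s.split(" ", 1)[-1] for s in _load(config_text).sections()]
    return {n: credential_mode(config_text, n, no_session) for n in names}

if __name__ == "__main__":
    for name, mode in report(SAMPLE_CONFIG).items():
        print(f"{name:12} {mode:20} IAM calls: {IAM_OUTLOOK[mode]}")
```

A profile that lands in `session-without-mfa` is the one to fix first, either by adding `mfa_serial` or by moving IAM work to a role.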
Confirmed the workaround @artursmet mentioned works. Thanks! |
just set the |
This doesn't work for me and I do have
Just calling the aws cli works fine.
|
If the workaround above ( |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Has anyone encountered a problem where specifying an mfa_serial still will not, under any circumstances, prompt for an MFA? Authentication still succeeds, but it succeeds without MFA (bizarrely, to be honest), so I am unable to perform IAM API calls. There is no output to suggest that it tried and failed, and there is absolutely no difference in the debug logging if mfa_serial is configured or not, so there is no clue as to what is happening, except no token prompt and no IAM API calls work. Specifying a token with a command line param doesn't change the behaviour. It simply refuses to use MFA, even though it is configured to. It also won't fail authentication due to lack of MFA, but will fail authorization on IAM calls. It's bizarre and impossible to debug. I have two machines, both configured EXACTLY the same, running exactly the same terraform command via aws-vault. On one host, MFA works just fine. On the other host, it just silently fails with no clue as to why offered. |
I'm also struggling.
$ uname -a
$ aws-vault exec dev --no-session -- terraform init
"mfa_serial" is definitely set on my .aws/config. Any ideas? |
https://github.com/99designs/aws-vault/blob/master/USAGE.md#aws-single-sign-on-aws-sso try using the AWS SSO sign on? |
List of possible solutions:
II) Create another profile in ~/.aws/config file to link existing profile with user credentials to role.
None of the methods above are considered safe by AWS, as compromised credentials can directly impact the account. Instead, every user has to assume roles manually after logging in, as role names are only known to people who use them. |
Please, I have the error below. I have changed several AWS Access Key IDs and AWS Secret Access Keys but am still getting the same error. There is no MFA on the user account. Any help to resolve this error would be greatly appreciated. |
try using
|
I have a problem and I cannot figure out why.
My AWS Account has an `admin`-user with a default Administrator policy.
My `~/.aws/config` (created with `aws-vault add admin-aim`) contains:
When I do:
I've got an error:
Any idea what could be wrong? Thx!