How do I resolve a not valid security token error in DynamoDB?

Lesedauer: 3 Minute
0

When I try to make a GET or PUT request in Amazon DynamoDB, I get a "security token included in the request is invalid" error.

Short description

You might get the security token included in the request is invalid error in the following situations:

  • You used a temporary credential for your AWS client and the credentials expired.
  • There's an issue with the security token that you used to authenticate your request.
  • Your Amazon Elastic Compute Cloud (Amazon Ec2) instance's date and time aren't correctly set and cause your AWS credentials to be rejected.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Use the Amazon Time Sync Service or another NTP source

To maintain an accurate time reference for your instance, configure the Amazon Time Sync Service or another Network Time Protocol (NTP) source. 

Update your AWS credentials

To review your credentials, run the update-access-key command with the --debug setting. If you use a security token service, then run the get-caller-identity command. If your AWS credentials are incorrect, then use the AWS CLI to update your AWS access key ID and secret access key.

Configure your AWS CLI or AWS SDK with the correct credentials

To configure your credentials in the AWS CLI, run the configure command.

To configure your credentials in AWS SDKs, you can use environment variables, an AWS credentials file, or AWS Secrets Manager.

Refresh your temporary credentials

If you use temporary credentials for DynamoDB, then refresh your credentials 5 minutes before the credentials are set to expire.

Use an IAM role for your instance

If you use an EC2 instance as a client machine, then attach an instance profile to your instance. Make sure that you don't specify any other credentials in your code or on the instance. The instance profile is the last place that the default credential provider chain searches for credentials. If the credentials are located earlier in the search chain, then you can't use the AWS Identity and Access Management (IAM) role. For more information, see Configuration and credentials precedence.

Rotate your credentials

If you continue to experience issues, then rotate your credentials.

Related information

Provide temporary credentials to the SDK

AWS OFFICIAL
AWS OFFICIALAktualisiert vor 2 Monaten