I want to access my Amazon Simple Storage Service (Amazon S3) bucket using the AWS Command Line Interface (AWS CLI), an AWS SDK, or my own application. However, when I send a request to my bucket, I get the error "The AWS Access Key Id you provided does not exist in our records." How can I fix this?
The error message "The AWS Access Key Id you provided does not exist in our records" indicates that there's an issue with the credentials that you're using. The access key that you're using might have been deleted, or the associated AWS Identity and Access Management (IAM) role or user might have been deleted.
To resolve the issue, check credentials that you're using. If you're using the AWS CLI, run this command to list the stored access keys:
aws configure list
You can also run the get-caller-identity AWS CLI command to get details on the IAM credentials you're using to call the API:
aws sts get-caller-identity
Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.
If you're using an AWS SDK, run the GetCallerIdentity action for the SDK that you're using.
After you obtain the credentials that you're using, verify that those credentials are still valid.
If you're using an IAM role, follow these steps:
- Open the IAM console.
- Choose Roles.
- Verify that the IAM role is listed. If the role isn't listed, then create a new IAM role.
If you're using an IAM user, follow these steps:
- Open the IAM console.
- Choose Users.
- Verify that the IAM user is listed. If the user isn't listed, then you must create a new IAM user.
- If the IAM user is listed, choose the user name to view its Summary page.
- Choose the Security credentials tab, and then check whether the associated Access keys appear. If the access keys are missing or inactive, then you must create new access keys or activate the keys.
Note: If you're using a session token, make sure to pass the session token with the access key and secret key. When you copy your security token and keys, be sure to check for any typos that don't align with your use case.
You can also use a session token with multi-factor authentication (MFA) to protect programmatic calls that are specific to AWS API operations. Run the sts get-session-token command in the AWS CLI with the code from your MFA device. For more information, see How do I use an MFA token to authenticate access to my AWS resources through the AWS CLI?
Configuring the AWS CLI