"The security token included in the request is invalid" for cdk deploy on cloud9

Hi, I just did as I always used to do:

• Create a Cloud9 using Amazon Linux 2
• upgrade AWS CLI to v2
• initialize a CDK app and add some sample code
• I am logged on using a role that has 'AdministratorAccess' policy attached and it is assumed by Cloud9.
• CDK is bootstrapped.

Running 'cdk deploy' now gives the following error:

current credentials could not be used to assume 'arn:aws:iam::ACCOUNTNUMBER:role/cdk-hnb659fds-deploy-role-ACCOUNTNUMBER-eu-central-1', but are for the right account. Proceeding anyway.

 ❌ Building assets failed: Error: Building Assets Failed: Error: TestStack: The security token included in the request is invalid
    at buildAllStackAssets (/home/ec2-user/.nvm/versions/node/v16.19.1/lib/node_modules/cdk/node_modules/aws-cdk/lib/index.js:362:115279)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async CdkToolkit.deploy (/home/ec2-user/.nvm/versions/node/v16.19.1/lib/node_modules/cdk/node_modules/aws-cdk/lib/index.js:362:142800)
    at async exec4 (/home/ec2-user/.nvm/versions/node/v16.19.1/lib/node_modules/cdk/node_modules/aws-cdk/lib/index.js:417:51795)

Building Assets Failed: Error: TestStack: The security token included in the request is invalid

• I deleted the CDKToolkit stack and did run 'cdk bootstrap' again, it created the stack again. So apparently this works.
• Running ' aws sts get-caller-identity' also shows the right role.
• I also tried on an old instance that was stopped, getting same result.

Ideas?