aws cli getting: An error occurred (InvalidClientTokenId) when calling for any call


I'm loggin in the aws cli like this: aws sso login --profile val-profile-name

after getting the message:

Successfully logged into Start URL: https://....

but after this any call to aws like for example:

aws iam get-user

aws sts get-caller-identity

will give me an error like:

An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.

I'm also getting the exact same error in an SQS consumer app I'm running locally the app will initially say:

info: AWSSDK[0] Found credentials using the AWS SDK's default credential search

I'm on Windows 10


it works if I call it like this:

aws sts get-caller-identity --profile val-profile-name

so it seems that I need to specify --profile for each call

2 Answers
Accepted Answer

I removed AWS Environment variables and it started working, Not sure what added them there, they had values containing the word "DUMMY"

answered a month ago


Your update seems to be correct. When you want to use named profiles, --profile option must be explicitly specified [1]. If you do not want to specify the profile on the command line every time, consider using the same credential as default profile if it's okay, or consider using an appropriate alias on your shell configuration.

You can find a comprehensive guidance on configuring AWS CLI credentials and profiles on the official documentation [1].


[1] Using named profiles -

profile pictureAWS
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content