By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

aws cli getting: An error occurred (InvalidClientTokenId) when calling for any call

0

I'm loggin in the aws cli like this: aws sso login --profile val-profile-name

after getting the message:

Successfully logged into Start URL: https://....

but after this any call to aws like for example:

aws iam get-user

aws sts get-caller-identity

will give me an error like:

An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.

I'm also getting the exact same error in an SQS consumer app I'm running locally the app will initially say:

info: AWSSDK[0] Found credentials using the AWS SDK's default credential search

I'm on Windows 10

update:

it works if I call it like this:

aws sts get-caller-identity --profile val-profile-name

so it seems that I need to specify --profile for each call

Topics
Management & GovernanceAWS Well-Architected Framework
Tags
AWS Command Line InterfaceSecurity
Language
English
awsman
asked a year ago2.6K views
3 Answers
1
Accepted Answer

I removed AWS Environment variables and it started working, Not sure what added them there, they had values containing the word "DUMMY"

awsman
answered a year ago
0

Hi,

Your update seems to be correct. When you want to use named profiles, --profile option must be explicitly specified [1]. If you do not want to specify the profile on the command line every time, consider using the same credential as default profile if it's okay, or consider using an appropriate alias on your shell configuration.

You can find a comprehensive guidance on configuring AWS CLI credentials and profiles on the official documentation [1].

References

[1] Using named profiles - https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-using-profiles

profile pictureAWS
Sidney_J
answered a year ago
0

Sounds like you found the solution for you. Just thought I'd post another solution that worked for me when I got this error.

This error can happen if your Access Key is deactivated. I had to login to the Web Console, and reactivate my key (and eventually just generated a new one, and removed the old one).

Justin-IBM
answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content