The security token included in the request is invalid
I am patching my RHEL server using Patch manager but I am getting below error
ClientError: An error occurred (UnrecognizedClientException) when calling the GetDeployablePatchSnapshotForInstance operation: The security token included in the request is invalid root [INFO]: Unable to retrieve snapshot with default ssm client, retry with fallback ssm client botocore.credentials [INFO]: Found credentials in shared credentials file: ~/.aws/credentials
How to clear the credentials in ~/.aws/credentials in session manager ?
- Newest
- Most votes
- Most comments
Hello.
I think it is probably reading the credentials of the user (root) running SSM Agent, so I think you need to look for the "/root/.aws/credentials" setting.
https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-technical-details.html
On Linux and macOS, SSM Agent runs as the root user. Therefore, the environment variables and credentials file that SSM Agent looks for in this process are those of the root user only (/root/.aws/credentials). SSM Agent doesn't look at the environment variables or credentials file of any other users on the instance during the search for credentials.
By the way, are you trying to apply the patch to RHEL running on EC2?
In that case, I think you can use it without setting an access key by setting the IAM policy "AmazonSSMManagedInstanceCore" in the EC2 IAM role.
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-permissions.html
Relevant content
- Accepted Answerasked 6 months ago
- How do I use the Microsoft KB number in Patch Manager to install a specific patch or set of patches?
AWS OFFICIALUpdated a year ago - AWS OFFICIALUpdated a year ago
Thank you in a million. I found it in "/root/.aws/credentials and deleted it. I was able to patch the ec2 instance successfully.