STS temporary credentials: "Access Key Id you provided does not exist"


Hello everyone,
I'm running ECS Fargate tasks and they need to PUT files to an S3 bucket.
I decided to use STS temporary credentials instead of just hardcoding long-lasting credentials in the docker image.

So, I start by requesting this url in bash.
It works, it returns this json output:

 "RoleArn":"The correct ARN of the Task Role. This role has the s3:PutObject permission.",
 "SecretAccessKey":"Some string",
 "Token":"Some long string"

Now I use the AccessKeyId and SecretAccessKey I got to perform a V4 signature so I can PUT the file to S3.

I get this response, do you have any idea why?

<?xml version="1.0" encoding="UTF-8"?>
<Message>The AWS Access Key Id you provided does not exist in our records.</Message>
<HostId>Some long string</HostId>

How come it says it does not exist? It's the Access key AWS gave me.

I'm not using SDKs, just scripting some bash which is indeed working fine when I use long-lasting credentials (e.g the AKIA access key).
On a side note... what's with the magic IP Can't I use some host name?

Thanks in advance.

asked 3 years ago321 views
1 Answer

I realized I should add and sign the x-amz-security-token header as well.

Problem solved!

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions