Can't create roles from CloudFormation template because of security token

1

I keep getting this error in Cloud9 when trying to deploy a template that creates roles. The security token included in the request is invalid (Service: AmazonIdentityManagement; Status Code: 403; Error Code: InvalidClientTokenId; Request ID:<...>proxy: null)

  • I also get this error. I reproduced the error for my particular case below.

    CREATE_FAILED            AWS::IAM::Role           JoinGameFunctionRole     The security token     
                                                                               included in the        
                                                                               request is invalid     
                                                                               (Service: AmazonIdenti 
                                                                               tyManagement; Status   
                                                                               Code: 403; Error Code: 
                                                                               InvalidClientTokenId;  
                                                                               Request ID: 62777c05-0 
                                                                               1c2-4bb9-b853-c6853317 
                                                                               d8ab; Proxy: null)
    
2 Answers
0

Hi. Cloud9 uses AMTC (AWS managed temporary credentials) by default, but some actions on specific services, including IAM and STS, are not permitted even if your IAM user has permission. In such a case, use an instance profile instead. Check the following link to set it up.

https://docs.aws.amazon.com/cloud9/latest/user-guide/credentials.html

EXPERT
answered a year ago
  • I am confused about "some actions on specific services, including IAM and STS, are not permitted even if your IAM user has permission." Can you elaborate?

  • I still encountered the same error stating that the security token is invalid when creating roles. Here are the steps I took from https://docs.aws.amazon.com/cloud9/latest/user-guide/credentials.html

    1) Create a role with Administrator access that contains an instance profile
    2) Attach the role (instance profile) to the EC2 instance running Cloud9
    
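A check that fits the instance-profile advice above, as an added example that is not part of the thread: it reads the `Type` column of `aws configure list` to see whether the CLI in the Cloud9 terminal resolves its keys from the instance profile (`iam-role`) or from somewhere else. It assumes that, while managed temporary credentials are enabled, the keys come from the shared credentials file and so take precedence over the attached role; the function names and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): which credential source does the
# AWS CLI actually resolve inside the Cloud9 terminal?

# Read `aws configure list` output on stdin and print the Type column of the
# access_key row: iam-role (instance profile), shared-credentials-file, env, ...
credential_source() {
  awk '$1 == "access_key" {
         if ($2 == "<not") print "none"; else print $3
         found = 1; exit
       }
       END { if (!found) print "unknown" }'
}

# Succeeds only when the keys are served by the EC2 instance profile.
uses_instance_profile() {
  [ "$(credential_source)" = "iam-role" ]
}

# Constructed sample: keys read from the shared credentials file.
SAMPLE_FILE='      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************ABCD shared-credentials-file
secret_key     ****************ABCD shared-credentials-file
    region                us-east-1      config-file    ~/.aws/config'

# Constructed sample: keys served by the instance profile.
SAMPLE_ROLE='      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************WXYZ         iam-role
secret_key     ****************WXYZ         iam-role
    region                us-east-1      config-file    ~/.aws/config'

# Live check inside the environment: sh check-creds.sh --live
if [ "${1:-}" = "--live" ] && command -v aws >/dev/null 2>&1; then
  if aws configure list | uses_instance_profile; then
    echo "CLI is using the instance profile"
  else
    echo "CLI is NOT using the instance profile: $(aws configure list | credential_source)"
  fi
  # Show the identity that CloudFormation calls will be made as.
  aws sts get-caller-identity --query Arn --output text
fi
```

If the live check reports anything other than the instance profile, the attached role is not what the deployment is signing requests with.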
0

By default, Cloud9 can set up a role when it's created that grants pretty wide permissions. Are you passing additional roles or credentials in the CLI when you deploy?

Zac Dan
answered a year ago
