The security token included in the request is invalid
I am patching my RHEL server using Patch manager but I am getting below error
ClientError: An error occurred (UnrecognizedClientException) when calling the GetDeployablePatchSnapshotForInstance operation: The security token included in the request is invalid root [INFO]: Unable to retrieve snapshot with default ssm client, retry with fallback ssm client botocore.credentials [INFO]: Found credentials in shared credentials file: ~/.aws/credentials
How to clear the credentials in ~/.aws/credentials in session manager ?
- 最新
- 投票最多
- 评论最多
Hello.
I think it is probably reading the credentials of the user (root) running SSM Agent, so I think you need to look for the "/root/.aws/credentials" setting.
https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-technical-details.html
On Linux and macOS, SSM Agent runs as the root user. Therefore, the environment variables and credentials file that SSM Agent looks for in this process are those of the root user only (/root/.aws/credentials). SSM Agent doesn't look at the environment variables or credentials file of any other users on the instance during the search for credentials.
By the way, are you trying to apply the patch to RHEL running on EC2?
In that case, I think you can use it without setting an access key by setting the IAM policy "AmazonSSMManagedInstanceCore" in the EC2 IAM role.
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-permissions.html
Thank you in a million. I found it in "/root/.aws/credentials and deleted it. I was able to patch the ec2 instance successfully.