An error occured while calling assume role: An error occurred (InvalidClientTokenId) when calling the AssumeRole operation: The security token included in the request is invalid.

[christianp86]

Installed aws-mfa today to get aws-cdk finally working with mfa support. Windows 10 1803 Python 3.8.3 PiP 20.1.1

[development.sap-long-term] aws_access_key_id = myaccessKey aws_secret_access_key = SecretAcessKey [development.sap] aws_access_key_id = <POPULATED_BY_AWS-MFA> aws_secret_access_key = <POPULATED_BY_AWS-MFA> aws_security_token = <POPULATED_BY_AWS-MFA>

I execute aws-mfa --profile development.sap --device arn:aws:iam::772769262746:mfa/christian.pfisterer INFO - Validating credentials for profile: development.sap with assumed role: arn:aws:iam::876701326593:role/HSEAdminRole WARNING - Your existing credentials are missing or invalid, obtaining new credentials. INFO - Obtaining credentials for a new role or profile. Enter AWS MFA code for device [arn:aws:iam::772769262746:mfa/christian.pfisterer] (renewing for 3600 seconds): INFO - Assuming Role - Profile: development.sap, Role: arn:aws:iam::876701326593:role/HSEAdminRole, Duration: 3600 ERROR - An error occured while calling assume role: An error occurred (InvalidClientTokenId) when calling the AssumeRole operation: The security token included in the request is invalid.

Any one else have this problem?

[christianp86]

aha my problem was using the wrong profile. I should have used my other profile aws-mfa --profile hse24 --device arn:aws:iam::772769262746:mfa/christian.pfisterer --assume-role arn:aws:iam::876701326593:role/HSEAdminRole