Use of `aws_session_token`

[giraz82]

I'm trying to use a temporary access token with:

  uses: einaregilsson/beanstalk-deploy@v17
  with:
      aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      aws_session_token: ${{ github.event.inputs.session_token }}

But I get:

Error: Deployment failed: Error: Status: 403. Code: InvalidClientTokenId, Message: The security token included in the request is invalid.

I also printed out ${{ github.event.inputs.session_token }} just to be sure the string is correctly managed by GitHub runner. With eb cli I can access of course.

Any idea? Thank you.

[giraz82]

I'm closing because after refreshing secrets, it works. I leave it since could help someone that is starting to use this action with temporary tokens.

[krajeswaran]

I'm closing because after refreshing secrets, it works.

@giraz82 Can you please explain - how/what did you refresh? Revoked sessions in IAM or created new AWS Secrets?

I'm stuck on the same error message and would like some help. Thanks!

[slomangino123]

@giraz82 @krajeswaran Did you guys ever figure this out I'm stuck using aws-actions/configure-aws-credentials@v1 which sets the environment variable AWS_SESSION_TOKEN then defining aws_session_token: ${{ env.AWS_SESSION_TOKEN }} in this and it does not seem to work. Looking for suggestions.

[bdoughertycloudbeds]

aws-actions/configure-aws-credentials@v1 seems to set the access key/secret for the temporary token as process.env vars. So referring to them like this worked for me:

aws_access_key: ${{ env.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ env.AWS_SECRET_ACCESS_KEY }}