search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.74k stars 9.1k forks source link

InvalidClientTokenId: The security token included in the request is invalid #13844

Open jaun-rg opened 4 years ago

jaun-rg commented 4 years ago

Terraform Version

Terraform v0.12.26

Affected Resource(s)

Terraform Configuration Files

provider.tf

provider "aws" {
  region  = "us-east-1"
}

Debug Output

...
aws_iam_policy.policy_autoupdate_sg: Creating...
aws_iam_role.role_autoupdate_sg: Creating...
Error: Error creating IAM policy AutoUpdate_SGs_Policy: InvalidClientTokenId: The security token included in the request is invalid
    status code: 403, request id: 5b888a64-eba0-439a-8929-e1c5a0f593e3
  on update_security_groups.tf line 1, in resource "aws_iam_policy" "policy_autoupdate_sg":
   1: resource "aws_iam_policy" "policy_autoupdate_sg" {
Error: Error creating IAM Role AutoUpdate_SGs_Role: InvalidClientTokenId: The security token included in the request is invalid
    status code: 403, request id: bca37e54-63c3-4c0b-ba0d-826008cab61b
  on update_security_groups.tf line 30, in resource "aws_iam_role" "role_autoupdate_sg":
  30: resource "aws_iam_role" "role_autoupdate_sg" {
Releasing state lock. This may take a few moments...
...

Expected Behavior

aws_iam_policy.policy_autoupdate_sg: Creating...
aws_iam_role.role_autoupdate_sg: Creating...
aws_iam_role.role_autoupdate_sg: Creation complete after 1s [id=AutoUpdate_SGs_Role]
aws_iam_policy.policy_autoupdate_sg: Creation complete after 1s 
...

Actual Behavior

No create resources by InvalidClientTokenId Error

Steps to Reproduce

export AWS_ACCESS_KEY_ID="token value" export AWS_SECRET_ACCESS_KEY="secret value" export AWS_DEFAULT_REGION="region to work"

terraform plan terrafrom apply

Additional Note

using provider.aws v2.63.0, the provider work fine

punkrokk commented 4 years ago

I’m also experiencing this

jaun-rg commented 3 years ago

What is the current status of this issue?

dimpogissou commented 3 years ago

encountering this as well, any news here ?

gbataille commented 3 years ago

same as #14108

I have put a comment there with an ugly workaround

jeffbehl commented 3 years ago

Encountered as well when using STS service to get temporary credentials.

Can be worked around by using access key/secret key directly for an IAM user

domeales-paloit commented 1 year ago

In my case I am having this issue when my credentials are supplied by aws-vault and only when I am using Terraform to create IAM resources. All other resources provision without issues, but IAM resources fail with InvalidClientTokenId: The security token included in the request is invalid.

SennaSemakula commented 1 year ago

In my case I am having this issue when my credentials are supplied by aws-vault and only when I am using Terraform to create IAM resources. All other resources provision without issues, but IAM resources fail with InvalidClientTokenId: The security token included in the request is invalid.

Experiencing the same issues as well with IAM resources in conjunction with using AWS vault. Here these are the versions I'm currently on:

Terraform v1.2.4
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v4.38.0
+ provider registry.terraform.io/hashicorp/dns v3.2.3

Your version of Terraform is out of date! The latest version
is 1.3.6. You can update by downloading from https://www.terraform.io/downloads.html
SennaSemakula commented 1 year ago

If you're using aws-vault and you have MFA enabled this worked the following worked for me: https://github.com/99designs/aws-vault/issues/260#issuecomment-397601165

fyi @domeales-paloit