(Using CLI) AWS was not able to validate the provided access credentials

Question

I get the following error, when executing the aws cli command: aws ec2 describe-instances --filters "Name=instance-type,Values=m1.small":

A client error (AuthFailure) occurred when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials

The credentials are from the following script:

import boto3

sts_client = boto3.client('sts')

assumedRoleObject = sts_client.assume_role(
    RoleArn="arn:aws:iam::<>:role/service-role/Test-Project",
    RoleSessionName="AssumeRoleSession2"
)
credentials = assumedRoleObject['Credentials']

print credentials['AccessKeyId']
print "#"*100
print credentials['SecretAccessKey']
print "#"*100
print credentials['SessionToken']
print "#"*100

I have tested with enabling Admin Access on the role also. Still not working.

The trust relationship of the role is as follows:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "*",
          "arn:aws:iam::<>:user/<username>"
        ],
        "Service": [
          "lambda.amazonaws.com",
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Answer 1

I can think of 2 reasons only as why it is not working, just check if it fits your case.

Just to make sure, you are exporting all the 3 variables in your session, i.e.

export AWS_ACCESS_KEY_ID="ASIAI******JQ"
export AWS_SECRET_ACCESS_KEY="n******u1pRocjL"
export AWS_SESSION_TOKEN="FQ*****vKJKTisUF"

or if you are using credentials file in your local machine you have all the 3 variables in there and that too under default profile.

Additionally since session tokens are valid for one hour interval by default, just check if your machine's time is out of sync (minor possibility but worth checking.)