Reputation: 647
My code was working when I had the secret key, access key, and profile name on the machine and was using those to set up my authentication before instantiating my AmazonSQSClient (I was registering a profile in the .NET credentials file as described here).
Now, I've set up my stack so that my instance is assigned an IAM role with the correct privileges on the relevant queues. It's not clear to me from tutorials how I should create my AmazonSQSClient now that my service (theoretically) has the rights it needs by virtue of the machine's IAM role, so I've tried a bunch of things, but right now I'm just using the parameterless constructor.
My call to ReceiveMessageAsync() fails, though. An excerpt of the crazy long stack trace:
Exception details:
Message: The security token included in the request is invalid.
Stack trace: at Amazon.Runtime.Internal.HttpErrorResponseExceptionHandler.HandleException(IExecutionContext executionContext, HttpErrorResponseException exception)
at Amazon.Runtime.Internal.ExceptionHandler`1.Handle(IExecutionContext executionContext, Exception exception)
at Amazon.Runtime.Internal.ErrorHandler.ProcessException(IExecutionContext executionContext, Exception exception)
at Amazon.Runtime.Internal.ErrorHandler.<InvokeAsync>d__5`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
[...]
Message: The remote server returned an error: (403) Forbidden.
Stack trace: at Amazon.Runtime.Internal.HttpRequest.<GetResponseAsync>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
Am I missing something? Is it not the case that this code should just work when the IAM role is set up properly?
Upvotes: 1
Views: 964
Reputation: 498
Try using the InstanceProfileCredentialsProvider SDK method in order to initiate your SQS client. Since you have given permissions through IAM, the SDK should get access details through IAM. For that you have to use InstanceProfileCredentialsProvider as below:
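import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.services.sqs.AmazonSQS;
import com.amazonaws.services.sqs.AmazonSQSClientBuilder;
// true = refresh the instance-profile credentials asynchronously in the background
AmazonSQS sqs = AmazonSQSClientBuilder
    .standard()
    .withCredentials(new InstanceProfileCredentialsProvider(true))
    .build();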
Upvotes: 1
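A .NET counterpart to the Java snippet in the answer above, as an added example that is not part of the original thread: it prints which identity the default credential chain (the one the parameterless constructor uses) resolves, then builds the SQS client explicitly from the instance role. It assumes AWS SDK for .NET v3 with the AWSSDK.SQS and AWSSDK.SecurityToken packages; the queue URL, account id and region are placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;
using Amazon.SQS;
using Amazon.SQS.Model;

public static class InstanceRoleSqsCheck
{
    // Placeholders (assumptions, not values from the thread).
    private const string QueueUrl = "https://sqs.us-east-1.amazonaws.com/111122223333/example-queue";
    private static readonly RegionEndpoint Region = RegionEndpoint.USEast1;

    public static async Task Main()
    {
        // What a parameterless AmazonSQSClient() picks up. The default chain consults
        // stored profiles and environment variables before the instance role.
        AWSCredentials fromChain = FallbackCredentialsFactory.GetCredentials();
        Console.WriteLine($"Default chain resolved: {fromChain.GetType().Name}");
        Console.WriteLine($"  identity: {await WhoAmI(fromChain)}");

        // Temporary credentials fetched from the EC2 instance metadata service.
        var fromRole = new InstanceProfileAWSCredentials();
        Console.WriteLine($"Instance profile identity: {await WhoAmI(fromRole)}");

        // Pin the SQS client to the instance role instead of the default chain.
        using var sqs = new AmazonSQSClient(fromRole, Region);
        var response = await sqs.ReceiveMessageAsync(new ReceiveMessageRequest
        {
            QueueUrl = QueueUrl,
            MaxNumberOfMessages = 1,
            WaitTimeSeconds = 5
        });
        Console.WriteLine($"Received {response.Messages?.Count ?? 0} message(s)");
    }

    // Asks STS which principal the credentials belong to; prints the ARN only, never the keys.
    private static async Task<string> WhoAmI(AWSCredentials credentials)
    {
        try
        {
            using var sts = new AmazonSecurityTokenServiceClient(credentials, Region);
            return (await sts.GetCallerIdentityAsync(new GetCallerIdentityRequest())).Arn;
        }
        catch (AmazonServiceException e)
        {
            return $"rejected ({e.ErrorCode}: {e.Message})";
        }
    }
}
```

If the two identities differ, or the first is rejected while the second succeeds, the default chain is resolving credentials from somewhere other than the instance role.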