The AWS Access Key Id you provided does not exist in our records, but credentials was already set

Question

Through boto3 library, I uploaded and downloaded file from AWS s3 successfully. But after few hours, it shows InvalidAccessKeyId suddenly for the same code.

What I have done:

• set ~/.aws/credentials
• Set environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

I tried the following solutions, but the error still heppens.

adding quotes on config values

ref2

Do I miss anything? Thanks for your help.

Answer 1

I found this article for the same issue. Amazon suggests to generate new key, and I did. Then it works, but we don't know the root cause. Suggest to do so for saving a lot of time when having the same problem.

Answer 2

If you have the credentials in ~/.aws/credentials there is no need to set environment variables AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY.

Environment variables are valid only for a session.

If you are using boto3, you can specify the credentials while creating client itself.

The best way to configure AWS credential is to install the AWS Command-Line Interface (CLI) and run aws configure from the bash console:

~/.aws/credentials format

[default]
aws_access_key_id = ***********
aws_secret_access_key = ************

Answer 3

You do not need to configure both .aws/credentials AND environment variables.

From Credentials — Boto 3 documentation:

The order in which Boto3 searches for credentials is:

• Passing credentials as parameters in the boto.client() method
• Passing credentials as parameters when creating a Session object
• Environment variables
• Shared credential file (~/.aws/credentials)
• AWS config file (~/.aws/config)
• Assume Role provider
• Boto2 config file (/etc/boto.cfg and ~/.boto)
• Instance metadata service on an Amazon EC2 instance that has an IAM role configured.

The fact that your credentials stopped working after a period of time suggests that they were temporary credentials created via the AWS Security Token Service, with an expiry time.