Reputation: 2563
I'm implementing AWS ClientManager to obtain secret variables saved in AWS. I had an initial implementation like the one below:

    // Load the AWS SDK
    var AWS = require('aws-sdk'),
        region = "us-west-2",
        secretName = "secretName",
        accessKeyId = myAccessKey,
        secretAccessKey = mySecretAccessKey,
        secret,
        decodedBinarySecret;

    // Create a Secrets Manager client
    var client = new AWS.SecretsManager({
        region: region,
    });

    client.getSecretValue({SecretId: secretName}, function(err, data) {
        if (err) {
            console.log("Error Happened");
            console.log(err);
        }
        else {
            // The secret comes back either as a string or as base64-encoded binary
            if ('SecretString' in data) {
                secret = data.SecretString;
            } else {
                // Buffer.from replaces the deprecated new Buffer() constructor
                let buff = Buffer.from(data.SecretBinary, 'base64');
                decodedBinarySecret = buff.toString('ascii');
            }
        }
    });

When I start the server it throws the following exception:
{ UnrecognizedClientException: The security token included in the request is invalid. message: 'The security token included in the request is invalid.', code: 'UnrecognizedClientException', time: 2019-07-01T12:16:00.021Z, requestId: 'c7ed53c1-fb70-4012-aa9f-5a9a3195a043', statusCode: 400, retryable: false, retryDelay: 40.923844792180674 }
Upvotes: 9
Views: 86758
Reputation: 21
When running inside AWS Lambda, you typically should not provide AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY manually. Lambda automatically assumes an IAM role that provides credentials.

    const AWS = require("aws-sdk");

    AWS.config.update({
        region: process.env.AWS_REGION,
    });

    const docClient = new AWS.DynamoDB.DocumentClient();

    module.exports.DynamoDB = new AWS.DynamoDB();
    module.exports.docClient = docClient;

Upvotes: 0
Reputation: 397
You need to add the endpoint so that AWS extracts your access token defined with aws configure. Add this code when creating the table:

    --endpoint-url http://localhost:8000 //localhost in my case because I'm running locally, but you can put your domain or server port there

    AWS.config.update({
        region: "us-west-2",
        endpoint: "http://localhost:8000",
        accessKeyId: "your access id",
        secretAccessKey: "your access key"
    });

Upvotes: 5
Reputation: 1623
The "security token included in the request is invalid" error almost always means there is something wrong with your credentials. Either the accessKeyId or secretAccessKey (or both) are wrong.
You can try validating your credentials with the AWS CLI, using the STS get-caller-identity call, before using them in your code.
Upvotes: 15
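
The credential check suggested in the last answer, as an added example that is not part of the original posts: it calls STS GetCallerIdentity and maps the returned error code to the likely credential problem. The client is injected so the block runs offline against a constructed stub; `preflight`, `classifyAuthError`, `missingSessionToken` and `stubSts` are names made up here, and, going slightly beyond the thread, it also flags a temporary `ASIA` key used without a session token.

```javascript
// Added example. With aws-sdk v2 installed, pass a real client instead of a stub:
//   preflight(new (require('aws-sdk')).STS({ region: 'us-west-2' }), {})
// so credentials come from the SDK's default provider chain, not from source code.

// Error codes returned for bad credentials, mapped to the likely cause.
const CAUSES = {
  InvalidClientTokenId: 'access key ID or session token not recognised by AWS',
  UnrecognizedClientException: 'access key ID or session token not recognised by AWS',
  SignatureDoesNotMatch: 'signature mismatch: check the secret access key',
  ExpiredToken: 'temporary credentials have expired',
  CredentialsError: 'the SDK found no credentials to sign with',
};

function classifyAuthError(err) {
  const code = (err && err.code) || 'Unknown';
  return { ok: false, code, cause: CAUSES[code] || 'not a known credential error' };
}

// Temporary keys (prefix ASIA) are only valid together with a session token.
function missingSessionToken(creds) {
  return /^ASIA/.test(creds.accessKeyId || '') && !creds.sessionToken;
}

// Resolves to { ok: true, account, arn } or { ok: false, code, cause }.
// 'MissingSessionToken' is a local label used here, not an AWS error code.
async function preflight(sts, creds) {
  if (missingSessionToken(creds || {})) {
    return { ok: false, code: 'MissingSessionToken', cause: 'ASIA key without a session token' };
  }
  try {
    const id = await sts.getCallerIdentity({}).promise();
    return { ok: true, account: id.Account, arn: id.Arn };
  } catch (err) {
    return classifyAuthError(err);
  }
}

// Constructed stand-in for AWS.STS: resolves or rejects with the given value.
function stubSts(result) {
  const promise = () => (result instanceof Error ? Promise.reject(result) : Promise.resolve(result));
  return { getCallerIdentity: () => ({ promise }) };
}

// Constructed sample error, shaped like the one STS returns for an unknown key.
const badKey = Object.assign(
  new Error('The security token included in the request is invalid.'),
  { code: 'InvalidClientTokenId' });

preflight(stubSts(badKey)).then((r) => console.log(r.code, '-', r.cause));
```

Only the account ID and ARN are returned on success, so the result can be logged without exposing key material.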