AWSeducate credentials are not accepted for Elastic Beanstalk ebcli

Question

When I log into my awseducate account and I click on Account Details I get my credentials. See the credentials generated by the account

I successfully used these credentials with my S3 buckets to upload and download files. But when I try to use these credentials with elastic beanstalk service - ebcli (eb init command), I get the message ERROR: NotAuthorizedError - Operation Denied. The security token included in the request is invalid.

F:\cloud-developer-master\course-02\project\image-filter-starter-code>eb init

Select a default region
1) us-east-1 : US East (N. Virginia)
2) us-west-1 : US West (N. California)
3) us-west-2 : US West (Oregon)
4) eu-west-1 : EU (Ireland)
...
(default is 3): 1
You have not yet set up your credentials or your credentials are incorrect
You must provide your credentials.
(aws-access-id): ASIxxxxxxxxxxxxxxxxxxxxxxxx
(aws-secret-key): hVCExxxxxxxxxxxxxxxxxxxxxxx
ERROR: NotAuthorizedError - Operation Denied. The security token included in the request is invalid.

Any clues why these are not accepted?

NB: I can't create new crenditials with a new user because this operation is not allowed with this AWS Student account. I tried refereshing the page to get new credentials, still no success.

I tried creating the .aws/credentials file and copied and pasted those credentials, still not accepted:

F:\cloud-developer-master\course-02\project\image-filter-starter-code>eb init

Select a default region
1) us-east-1 : US East (N. Virginia)
2) us-west-1 : US West (N. California)
3) us-west-2 : US West (Oregon)
...
(default is 3): 1
ERROR: The current user does not have the correct permissions. Reason: Operation Denied. The security token included in the request is invalid.
ERROR: The current user does not have the correct permissions. Reason: Operation Denied. The security token included in the request is invalid.
You have not yet set up your credentials or your credentials are incorrect
You must provide your credentials.
(aws-access-id): ASIxxxxxxxxxxxxxxxxxxxxxxxxxxxx
(aws-secret-key): 1Ssxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ERROR: NotAuthorizedError - Operation Denied. The security token included in the request is invalid.

Answer 1

Thanks to a guy that goes by the pseudo Gambit-, I found a solution to the problem (details here). You have to create two files in the folder: C:\Users\YOURUSERNAME\.aws

config

[default] 
region = us-east-1 # replace this with your region (don't select it in the CLI) 
output = json

credentials

[default]
aws_access_key_id=REPLACE_WITH_YOUR_ACCESS_KEY
aws_secret_access_key=REPLACE_WITH_YOUR_SECRET_KEY
aws_session_token=REPLACE_WITH_YOUR_TOKEN

A little explanation: When you select the region within the cmd, eb-cli will automatically update the config file by generating and storing a new profile named [eb cli] which will be populated with the information your select within the cmd. However, I did put the profile [default] in the file credentials which are two different profiles. Therefore, the authentication failed.

Also, thanks John Rotenstein for your help

Answer 2

AWS Educate is providing you with temporary credentials that expire after a period. They are generated via the AWS Security Token Service (STS).

Temporary credentials consist of:

• Access Key
• Secret Key
• Session Token

The eb init script you are showing is only asking for the first two items, but not the Session Token. Without the session token, the credentials are invalid.

It might be possible to overcome with this method:

• Run aws configure, which will ask you for the credentials and then store them in ~.aws/credentials (including the security token)
• Run eb init, which should use the credentials from that file

Worst case, use an alternative profile via aws configure --profile foo and then eb init --profile foo.