Using AWS CLI from Azure pipeline

Question

I'm trying to use AWS cli within a script section of an Azure pipeline. The script section is in a template file and it's accessed from the main pipeline.

steps:
- bash: |
    step_function_state=`aws stepfunctions list-executions --state-machine-arn $(stateMachineArn) --status-filter RUNNING |  jq -r '.executions[]|.status' | head -1`
    echo "State machine RUNNING status: ${step_function_state}"
    # Rest of the script#
  displayName: "Test Script"
  env:
    AWS_ACCESS_KEY_ID: $(AWS_ACCESS_KEY_ID)
    AWS_DEFAULT_REGION: $(AWS_DEFAULT_REGION)
    AWS_SECRET_ACCESS_KEY: $(AWS_SECRET_ACCESS_KEY)

stateMachineArn, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION are stored in a variable group. When running the pipeline it gives the following error,

An error occurred (UnrecognizedClientException) when calling the ListExecutions operation: The security token included in the request is invalid.

Using the same credentials I am able to run my local CLI and get the results. I tried printenv command and all the AWS variables are in the environment too. What could I possibly do wrong?

Answer 1

I realized that this issue occurred due to credential mismatch. After adding the correct credentials (same as local cli) the pipeline CLI also started to work. Based on the error log it felt like aws_session_token could be an issue but the actual issue was in aws_access_key_id and aws_secret_access_key.