Reputation: 230
AWS sts error: The security token included in the request is expired
Why when I run the command...
aws --profile default sts get-caller-identity
it works and I get the expected result back. But when I attempt to run...
aws sts get-caller-identity
It fails with the error "An error occurred (ExpiredToken) when calling the GetCallerIdentity operation: The security token included in the request is expired"
I've configured aws sso correctly and have successfully given my machine permission. I've ensure that there are no AWS environment variables set in my user or system environment variables (no environment variable prefixed with 'AWS_')
Upvotes: 1
Views: 4596
Answers (1)
Reputation: 230
Ok so thanks to @jarmod's comment on my question I was able to isolate the issue, by using the logs produced from the command:
aws sts get-caller-identity --debug 2>&1 | Select-String "botocore.credentials"
which outputted:
2024-03-28 13:00:11,472 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2024-03-28 13:00:11,472 - MainThread - botocore.credentials - INFO - Found credentials in environment variables.
So I ran the commands:
Remove-Item -Path Env:\AWS_ACCESS_KEY_ID
Remove-Item -Path Env:\AWS_SECRET_ACCESS_KEY
and reran the above command which gave me the output of:
2024-03-28 13:04:14,393 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2024-03-28 13:04:14,393 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2024-03-28 13:04:14,393 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role-with-web-identity
2024-03-28 13:04:14,393 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: sso
2024-03-28 13:04:14,541 - MainThread - botocore.credentials - DEBUG - Credentials for role retrieved from cache.
2024-03-28 13:04:14,541 - MainThread - botocore.credentials - DEBUG - Retrieved credentials will expire at: 2024-03-28 20:56:29+00:00
Now when I run the command:
aws sts get-caller-identity
it works as expected.
Upvotes: 2
Related Questions
- How can I resolve the error "The security token included in the request is invalid" when running aws iam upload-server-certificate?
- Error loading SSO Token: The SSO access token has either expired or is otherwise invalid
- The AWS Access Key Id does not exist in our records
- how re-login to a aws token expired
- Terraform, AWS and STS The security token included in the request is invalid
- AWS Sagemaker on local machine: Invalid security token included in the request
- How to get AWS STS using Federated User?