Please tell me how to resolve the InvalidClientTokenId error that occurred with a request in AWS CLI

日本語版はこちら

The issue

When I made a request to the AWS service API from AWS CLI, the following error occurred.

An error occurred (InvalidClientTokenId) when calling the {API Name} operation: The security token included in the request is invalid.

Please tell me the cause of the above error and the solution.

The solution

Please check the following points:

• Whether the aws_access_key_id value in the credentials file is correct
• Whether the IAM user's access key is valid

The credentials file is located at the following path by default:

For Windows
C:\Users\username.aws\credentials

For Mac/Linux
~/.aws/credentials

In some cases, you may need to delete the AWS CLI cache after setting the correct aws_access_key_id. To delete the cache, run the following command:

For Windows
C:> del /s /q %UserProfile%.aws\cli\cache

For Mac/Linux
$ rm -r ~/.aws/cli/cache

For enabling IAM user access keys, please refer to the following documentation:

• How IAM users can manage their own access keys - AWS Identity and Access Management
• How an IAM administrator can manage IAM user access keys - AWS Identity and Access Management

After implementing the above steps, please check again whether the error is resolved when executing requests from the AWS CLI.

References

• Configuring settings for the AWS CLI - AWS Command Line Interface
• Using AWS Credentials - AWS Tools for PowerShell (version 5)
• Revoke IAM role temporary security credentials - AWS Identity and Access Management
• How IAM users can manage their own access keys - AWS Identity and Access Management
• How an IAM administrator can manage IAM user access keys - AWS Identity and Access Management