0
votes

I am trying to connect with the AWS CLI from my laptop, which runs Windows. I created an access key and secret key in IAM as the root user several times and used aws configure to set them, but I still get an invalid token error. I know that my credentials are set because they show up when I run aws configure. The log is below. Thanks for your help.

PS C:\WINDOWS\system32> aws configure
AWS Access Key ID [****************PAPA]:
AWS Secret Access Key [****************vXOi]:
Default region name [us-east-1]:
Default output format [json]:

PS C:\WINDOWS\system32> aws lambda list-functions --debug
2019-01-27 15:14:36,022 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/1.16.96 Python/3.7.2 Windows/10 botocore/1.12.86
2019-01-27 15:14:36,023 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['lambda', 'list-functions', '--debug']
2019-01-27 15:14:36,023 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_scalar_parsers at 0x000001A242791488>
2019-01-27 15:14:36,023 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x000001A242288620>
2019-01-27 15:14:36,023 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x000001A2422C47B8>
2019-01-27 15:14:36,025 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x000001A2425087B8>
2019-01-27 15:14:36,026 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\data\lambda\2015-03-31\service-2.json
2019-01-27 15:14:36,029 - MainThread - botocore.hooks - DEBUG - Event service-data-loaded.lambda: calling handler <function register_retries_for_service at 0x000001A241FBED08>
2019-01-27 15:14:36,029 - MainThread - botocore.handlers - DEBUG - Registering retry handlers for service: lambda
2019-01-27 15:14:36,030 - MainThread - botocore.hooks - DEBUG - Event building-command-table.lambda: calling handler <function add_waiters at 0x000001A24279B950>
2019-01-27 15:14:36,065 - MainThread - awscli.clidriver - DEBUG - OrderedDict([('master-region', <awscli.arguments.CLIArgument object at 0x000001A242921B00>), ('function-version', <awscli.arguments.CLIArgument object at 0x000001A242921B38>), ('marker', <awscli.arguments.CLIArgument object at 0x000001A242921C50>), ('max-items', <awscli.arguments.CLIArgument object at 0x000001A242921BA8>)])
2019-01-27 15:14:36,065 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.lambda.list-functions: calling handler <function add_streaming_output_arg at 0x000001A242791730>
2019-01-27 15:14:36,065 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.lambda.list-functions: calling handler <function add_cli_input_json at 0x000001A2422C4EA0>
2019-01-27 15:14:36,066 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.lambda.list-functions: calling handler <function unify_paging_params at 0x000001A24271B9D8>
2019-01-27 15:14:36,103 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\data\lambda\2015-03-31\paginators-1.json
2019-01-27 15:14:36,104 - MainThread - awscli.customizations.paginate - DEBUG - Modifying paging parameters for operation: ListFunctions
2019-01-27 15:14:36,104 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.lambda.list-functions: calling handler <function add_generate_skeleton at 0x000001A2426F78C8>
2019-01-27 15:14:36,105 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.lambda.list-functions: calling handler <bound method OverrideRequiredArgsArgument.override_required_args of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x000001A242921CF8>>
2019-01-27 15:14:36,105 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.lambda.list-functions: calling handler <bound method GenerateCliSkeletonArgument.override_required_args of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x000001A242930208>>
2019-01-27 15:14:36,105 - MainThread - botocore.hooks - DEBUG - Event operation-args-parsed.lambda.list-functions: calling handler functools.partial(<function check_should_enable_pagination at 0x000001A24271BAE8>, ['marker', 'max-items'], {'max-items': <awscli.arguments.CLIArgument object at 0x000001A242921BA8>}, OrderedDict([('master-region', <awscli.arguments.CLIArgument object at 0x000001A242921B00>), ('function-version', <awscli.arguments.CLIArgument object at 0x000001A242921B38>), ('marker', <awscli.arguments.CLIArgument object at 0x000001A242921C50>), ('max-items', <awscli.customizations.paginate.PageArgument object at 0x000001A242930128>), ('cli-input-json', <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x000001A242921CF8>), ('starting-token', <awscli.customizations.paginate.PageArgument object at 0x000001A242921D68>), ('page-size', <awscli.customizations.paginate.PageArgument object at 0x000001A242930080>), ('generate-cli-skeleton', <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x000001A242930208>)]))
2019-01-27 15:14:36,106 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.master-region: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,106 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.function-version: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,106 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.marker: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,107 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.max-items: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,107 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.cli-input-json: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,107 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.starting-token: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,108 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.page-size: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,108 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.generate-cli-skeleton: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,108 - MainThread - botocore.hooks - DEBUG - Event calling-command.lambda.list-functions: calling handler <bound method CliInputJSONArgument.add_to_call_parameters of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x000001A242921CF8>>
2019-01-27 15:14:36,108 - MainThread - botocore.hooks - DEBUG - Event calling-command.lambda.list-functions: calling handler <bound method GenerateCliSkeletonArgument.generate_json_skeleton of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x000001A242930208>>
2019-01-27 15:14:36,109 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2019-01-27 15:14:36,109 - MainThread - botocore.credentials - INFO - Found credentials in environment variables.
2019-01-27 15:14:36,110 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\data\endpoints.json
2019-01-27 15:14:36,112 - MainThread - botocore.hooks - DEBUG - Event choose-service-name: calling handler <function handle_service_name_alias at 0x000001A241F990D0>
2019-01-27 15:14:36,113 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.lambda: calling handler <function add_generate_presigned_url at 0x000001A241F58F28>
2019-01-27 15:14:36,117 - MainThread - botocore.args - DEBUG - The s3 config key is not a dictionary type, ignoring its value of: None
2019-01-27 15:14:36,119 - MainThread - botocore.endpoint - DEBUG - Setting lambda timeout as (60, 60)
2019-01-27 15:14:36,120 - MainThread - botocore.client - DEBUG - Registering retry handlers for service: lambda
2019-01-27 15:14:36,121 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.lambda.ListFunctions: calling handler <function generate_idempotent_uuid at 0x000001A241FBE6A8>
2019-01-27 15:14:36,121 - MainThread - botocore.hooks - DEBUG - Event before-call.lambda.ListFunctions: calling handler <function inject_api_version_header_if_needed at 0x000001A241FC1598>
2019-01-27 15:14:36,121 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListFunctions) with params: {'url_path': '/2015-03-31/functions/', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'aws-cli/1.16.96 Python/3.7.2 Windows/10 botocore/1.12.86'}, 'body': b'', 'url': 'https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/', 'context': {'client_region': 'us-east-1', 'client_config': <botocore.config.Config object at 0x000001A242A2BAC8>, 'has_streaming_input': False, 'auth_type': None}}
2019-01-27 15:14:36,122 - MainThread - botocore.hooks - DEBUG - Event request-created.lambda.ListFunctions: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x000001A242A2BA90>>
2019-01-27 15:14:36,122 - MainThread - botocore.hooks - DEBUG - Event choose-signer.lambda.ListFunctions: calling handler <function set_operation_specific_signer at 0x000001A241FBE598>
2019-01-27 15:14:36,123 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2019-01-27 15:14:36,123 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
GET
/2015-03-31/functions/

host:lambda.us-east-1.amazonaws.com
x-amz-date:20190127T211436Z

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2019-01-27 15:14:36,123 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20190127T211436Z
20190127/us-east-1/lambda/aws4_request
ce9b2c421afea074503fa22c16a82ef192791150d3fd511cc69409b18f20f300
2019-01-27 15:14:36,123 - MainThread - botocore.auth - DEBUG - Signature:
8d4a2a782be3622cc0ecac9e69eabb786feb7126f38851c10314155944fe359a
2019-01-27 15:14:36,124 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/, headers={'User-Agent': b'aws-cli/1.16.96 Python/3.7.2 Windows/10 botocore/1.12.86', 'X-Amz-Date': b'20190127T211436Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIAIAC5Q6NZD6TIRSKQ/20190127/us-east-1/lambda/aws4_request, SignedHeaders=host;x-amz-date, Signature=8d4a2a782be3622cc0ecac9e69eabb786feb7126f38851c10314155944fe359a'}>
2019-01-27 15:14:36,124 - MainThread - urllib3.util.retry - DEBUG - Converted retries value: False -> Retry(total=False, connect=None, read=None, redirect=0, status=None)
2019-01-27 15:14:36,124 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): lambda.us-east-1.amazonaws.com:443
2019-01-27 15:14:36,445 - MainThread - urllib3.connectionpool - DEBUG - https://lambda.us-east-1.amazonaws.com:443 "GET /2015-03-31/functions/ HTTP/1.1" 403 68
2019-01-27 15:14:36,446 - MainThread - botocore.parsers - DEBUG - Response headers: {'Date': 'Sun, 27 Jan 2019 21:14:37 GMT', 'Content-Type': 'application/json', 'Content-Length': '68', 'Connection': 'keep-alive', 'x-amzn-RequestId': '8d5f8d34-2278-11e9-b7ef-bd100b83dc62', 'x-amzn-ErrorType': 'UnrecognizedClientException'}
2019-01-27 15:14:36,447 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"message":"The security token included in the request is invalid."}'
2019-01-27 15:14:36,448 - MainThread - botocore.hooks - DEBUG - Event needs-retry.lambda.ListFunctions: calling handler <botocore.retryhandler.RetryHandler object at 0x000001A242911630>
2019-01-27 15:14:36,448 - MainThread - botocore.retryhandler - DEBUG - No retry needed.
2019-01-27 15:14:36,450 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 207, in main
    return command_table[parsed_args.command](remaining, parsed_args)
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 348, in __call__
    return command_table[parsed_args.operation](remaining, parsed_globals)
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 520, in __call__
    call_parameters, parsed_globals)
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 641, in invoke
    self._display_response(operation_name, response, parsed_globals)
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 661, in _display_response
    formatter(command_name, response)
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\formatter.py", line 69, in __call__
    response_data = response.build_full_result()
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\paginate.py", line 449, in build_full_result
    for response in self:
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\paginate.py", line 255, in __iter__
    response = self._make_request(current_kwargs)
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\paginate.py", line 332, in _make_request
    return self._method(**current_kwargs)
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\client.py", line 661, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the ListFunctions operation: The security token included in the request is invalid.
2019-01-27 15:14:36,451 - MainThread - awscli.clidriver - DEBUG - Exiting with rc 255

An error occurred (UnrecognizedClientException) when calling the ListFunctions operation: The security token included in the request is invalid.

1 Answers

2
votes

There are a number of ways that you can provide credentials to the awscli, and they are evaluated in the following order:

  1. command line options
  2. environment variables
  3. awscli credentials file
  4. awscli config file
  5. container credentials
  6. instance profile credentials

By running aws configure you have configured a set of credentials for option #3.

However, in the debug output that you shared with us, you can see:

INFO - Found credentials in environment variables.

This suggests that the awscli found credentials in your environment (via environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and possibly AWS_SESSION_TOKEN). This is option #2 above, which trumps option #3. This also explains why the error you are seeing is "The security token included in the request is invalid."

So, your configured credentials are being overridden by environment credentials. Remove the credentials from your environment, and then re-run the awscli.
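
An added example, not part of the original answer: a small check that reads the `aws configure` prompt and the `--debug` output and reports which credential source botocore used and whether the key that signed the request is the configured one. In the question's own log the configured key ends in PAPA while the `Credential=` field of the signed request ends in RSKQ. The function name `diagnose`, the sample text, and the placeholder key ID are constructed for illustration.

```python
import re

# Constructed sample in the format of the `aws configure` prompt and the
# `--debug` output shown in the question; the key ID is a placeholder.
SAMPLE_CONFIGURE = "AWS Access Key ID [****************PAPA]:"
SAMPLE_DEBUG = """\
2019-01-27 15:14:36,109 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2019-01-27 15:14:36,109 - MainThread - botocore.credentials - INFO - Found credentials in environment variables.
2019-01-27 15:14:36,124 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest method=GET, headers={'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIAPLACEHOLDER0EXMP/20190127/us-east-1/lambda/aws4_request, SignedHeaders=host;x-amz-date, Signature=0000'}>
"""

# "Found credentials in <source>" is logged by the provider that won the lookup.
PROVIDER_RE = re.compile(
    r"botocore\.credentials - INFO - Found credentials in (.+?)\.?\s*$", re.M)
# The SigV4 Authorization header carries the access key ID actually used.
SIGNED_KEY_RE = re.compile(r"Credential=([A-Z0-9]+)/")
# `aws configure` masks the stored key and shows only its trailing characters.
MASKED_KEY_RE = re.compile(r"AWS Access Key ID \[\*+([A-Za-z0-9]+)\]")


def diagnose(configure_output, debug_log):
    """Return the credential source and whether it overrode the configured key."""
    provider = PROVIDER_RE.search(debug_log)
    signed = SIGNED_KEY_RE.search(debug_log)
    masked = MASKED_KEY_RE.search(configure_output)
    result = {
        "provider": provider.group(1) if provider else None,
        "signed_suffix": signed.group(1)[-4:] if signed else None,
        "configured_suffix": masked.group(1) if masked else None,
    }
    # Only claim an override when both suffixes were found and they differ.
    both_known = bool(result["signed_suffix"] and result["configured_suffix"])
    result["overridden"] = (
        both_known and result["signed_suffix"] != result["configured_suffix"])
    return result


if __name__ == "__main__":
    report = diagnose(SAMPLE_CONFIGURE, SAMPLE_DEBUG)
    print(report)
    if report["overridden"]:
        print("Request was signed with a key from:", report["provider"])
        print("Check AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN")
```
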