An error occurred (UnrecognizedClientException) when calling the GetSecretValue operation: The security token included in the request is invalid

5

10

Please check the screenshot below; it is having a problem. AWS credentials are configured correctly and it's working fine when we use them separately in boto3, but in the SAM Lambda function trigger it is getting this error.

I tried all the solutions, such as checking "aws configure" and unset AWS_SECURITY_TOKEN; other solutions mentioned in other sources were also tried but didn't work.

And in the code I am trying to do:

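import json
import sys
import traceback

import boto3
from botocore.exceptions import ClientError

session = boto3.session.Session()
secretsmanager = session.client('secretsmanager')

# secret_name is set elsewhere (not shown in the question)
try:
    get_secret_value_response = secretsmanager.get_secret_value(
        SecretId=secret_name
    )
    secret = json.loads(get_secret_value_response['SecretString'])
except ClientError as e:
    # AWS-side errors such as UnrecognizedClientException are raised as ClientError
    print(e)
    # print(sys.exc_info(),traceback.print_exc(file=sys.stdout))
except Exception as e:
    print(sys.exc_info(),traceback.print_exc(file=sys.stdout))
    print(e)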
Annia answered 20/8, 2020 at 6:26 Comment(1)
Double check your IAM credentials used for your program. Are you sure they are still valid? - Islek
5

Remove AWS credentials by deleting this file ~/.aws/credentials. Then re-run aws configure and pass valid security credentials. This should fix the issue that you are encountering.

If you have multiple profiles configured, then edit ~/.aws/credentials and remove the profile that was used with this code. For example, if you have used user1 while configuring the credentials, then your file will have contents similar to the below:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[user1]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

To solve this issue, simply delete the [user1] section from ~/.aws/credentials, then re-run aws configure.

Rataplan answered 20/8, 2020 at 6:40 Comment(1)
Hi. What if in the file there are multiple profiles? Deleting the file will delete everything leading to more issues. - Islek
3

Maybe it is a slightly different problem, but I got exactly the same error locally because I set the default profile before getting the session.

So, if I run the script with:

boto3.setup_default_session(profile_name='myprofile')
session = boto3.session.Session()
secretsmanager = session.client('secretsmanager')

I got the same error as the question, probably because they didn't work well when used together.

To solve, you can just remove the session part:

boto3.setup_default_session(profile_name='myprofile')
secretsmanager = boto3.client('secretsmanager')
Unpredictable answered 16/6, 2021 at 15:58 Comment(0)
2

In my case, it wasn't working because I was missing the session token. I added the token in the boto3 Session and it worked:

session = boto3.session.Session(
    aws_access_key_id=AWS_ACCESS_KEY_ID,
    aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
    aws_session_token=AWS_SESSION_TOKEN,
)
Millrun answered 3/2, 2023 at 15:20 Comment(0)
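
A way to check the environment for the key/token mismatches discussed in the question and in the answer above, as an added example that is not part of any post on this page. The function name diagnose and the sample values are hypothetical; it relies on the access key ID prefixes AKIA (long-term IAM user key) and ASIA (temporary STS key), and on botocore reading the session token from either AWS_SESSION_TOKEN or the legacy AWS_SECURITY_TOKEN.

```python
import os

# Environment variables botocore reads for the session token.
# AWS_SECURITY_TOKEN is the legacy name and is still honoured.
TOKEN_VARS = ("AWS_SESSION_TOKEN", "AWS_SECURITY_TOKEN")

# Constructed sample: a long-term key left next to a token from an old STS session.
SAMPLE_ENV = {
    "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY": "constructed-not-a-real-secret",
    "AWS_SECURITY_TOKEN": "constructed-stale-token",
}


def diagnose(env):
    """Return findings about credential variables that commonly lead to
    'The security token included in the request is invalid'."""
    findings = []
    key_id = env.get("AWS_ACCESS_KEY_ID", "")
    secret = env.get("AWS_SECRET_ACCESS_KEY", "")
    tokens = [name for name in TOKEN_VARS if env.get(name)]

    if bool(key_id) != bool(secret):
        findings.append("only one of AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY is set")
    if key_id.startswith("ASIA") and not tokens:
        # Temporary (STS) keys are only valid together with their session token.
        findings.append("temporary key (ASIA...) without a session token")
    if key_id.startswith("AKIA") and tokens:
        # Long-term keys take no token; a leftover one is sent with every request.
        findings.append("long-term key (AKIA...) with stale " + ", ".join(tokens))
    return findings


if __name__ == "__main__":
    print("sample:", diagnose(SAMPLE_ENV))
    for finding in diagnose(os.environ):
        print("WARN:", finding)
    try:
        import boto3  # optional: show which provider boto3 actually resolved
        creds = boto3.session.Session().get_credentials()
        if creds is None:
            print("boto3 found no credentials")
        else:
            print("source:", creds.method, "| key ends:", creds.access_key[-4:],
                  "| token present:", bool(creds.token))
    except ImportError:
        pass
```

Run it in the same shell or container that starts the function, since that is the environment boto3 will read.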
0

In addition to deleting the credentials file and running aws configure again, you can also run this in your terminal:

export AWS_ACCESS_KEY_ID=your-access-key-id

export AWS_SECRET_ACCESS_KEY=your-secret-access-key
Airtight answered 28/2 at 6:28 Comment(0)
0

I have encountered a similar issue passing AWS credentials through environment variables and being unable to access them in my Python file. I discovered VS Code has issues passing environment variables.

To rectify this problem, you have to pass them directly:

 python3 path/to/your_code.py

This command will solve the issue of not being able to pass ENV variables in the code to get access credentials.

Moustache answered 20/6 at 23:26 Comment(0)
