AWS PowerShell Use-STSRole : The security token included in the request is invalid

In my Jenkins build job I'm using this command to assume an AWS role:

$Creds = (Use-STSRole -Region us-east-1 -RoleArn arn:aws:iam::$IAM_ACCOUNT_ID`:role/$IAM_ROLE -RoleSessionName jenkins).Credentials

I'm getting the following error:

Use-STSRole : The security token included in the request is invalid.

Changing the AWS Role to an invalid role does not change the error message.

It works fine when logging into the server and using the command in PowerShell directly.

It also works if I use an AWS CLI command:

aws sts assume-role --role-arn arn:aws:iam::%IAM_ACCOUNT_ID%:role/%IAM_ROLE% --role-session-name jenkins-deploy

Full error message:

Use-STSRole : The security token included in the request is invalid.
At C:\Users\svc-jenkins.WIN-KLBFC355P8D\AppData\Local\Temp\jenkins4822311255190032778.ps1:5 char:11
+ $Creds = (Use-STSRole -Region us-east-1 -RoleArn arn:aws:iam::$e ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Amazon.PowerShe...seSTSRoleCmdlet:UseSTSRoleCmdlet) [Use-STSRole], InvalidOperationException
    + FullyQualifiedErrorId : Amazon.SecurityToken.AmazonSecurityTokenServiceException,Amazon.PowerShell.Cmdlets.STS.UseSTSRoleCmdlet
Nic Avatar asked Apr 03 '17 22:04

Nic


1 Answer

It seems profiles with incorrect credentials were stored in AWS.

These were listed using Get-AWSCredentials:

Get-AWSCredentials -ListStoredCredentials

Then cleared using Remove-AWSCredentialProfile:

Remove-AWSCredentialProfile -ProfileName {MyProfileName}

If using an old version of AWS PowerShell Tools, you can use Clear-AWSCredentials instead:

Clear-AWSCredentials -ProfileName <String>
Nic Avatar answered Sep 22 '22 09:09

Nic
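
To find which stored profiles are stale before removing anything, the check below tests each profile against STS and reports the ones that are rejected. It is an added example, not part of the original answer. It assumes a version of AWS Tools for PowerShell that provides `Get-AWSCredential -ListProfileDetail` and `Get-STSCallerIdentity`, and it should run as the same Windows account as the Jenkins job, because stored profiles are per user.

```powershell
# Added example (not from the original answer): audit the credential profiles
# visible to the current Windows account and show which ones STS rejects.
# Assumption: AWS Tools for PowerShell is installed and auto-loads its cmdlets.
$Region = 'us-east-1'   # region used in the question

# 1. What does the job resolve when no profile is named? This is the identity
#    Use-STSRole signs its request with in the failing build step.
try {
    $default = Get-STSCallerIdentity -Region $Region -ErrorAction Stop
    Write-Output "Default credential chain resolves to: $($default.Arn)"
} catch {
    Write-Output "Default credential chain is rejected: $($_.Exception.Message)"
}

# 2. Test every stored profile individually. Secrets are never printed.
$report = foreach ($p in Get-AWSCredential -ListProfileDetail) {
    $status = 'Valid'
    $detail = $null
    try {
        $id = Get-STSCallerIdentity -ProfileName $p.ProfileName -Region $Region -ErrorAction Stop
        $detail = $id.Arn
    } catch {
        $status = 'Rejected'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        ProfileName = $p.ProfileName
        Store       = $p.StoreTypeName
        Status      = $status
        Detail      = $detail
    }
}
$report | Format-Table -AutoSize -Wrap

# 3. List the cleanup command for each rejected profile instead of running it,
#    so a reviewer confirms the profile is unused before it is deleted.
$report | Where-Object Status -eq 'Rejected' | ForEach-Object {
    Write-Output "Remove-AWSCredentialProfile -ProfileName '$($_.ProfileName)'"
}
```

Running this as the first step of the build shows whether the job picks up a different identity than an interactive session on the same server.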