In my Jenkins build job I'm using this command to assume an AWS role:
$Creds = (Use-STSRole -Region us-east-1 -RoleArn arn:aws:iam::$IAM_ACCOUNT_ID`:role/$IAM_ROLE -RoleSessionName jenkins).Credentials
I'm getting the following error:
Use-STSRole : The security token included in the request is invalid.
Changing the AWS Role to an invalid role does not change the error message.
It works fine when logging into the server and using the command in PowerShell directly.
It also works if I use an AWS CLI command:
aws sts assume-role --role-arn arn:aws:iam::%IAM_ACCOUNT_ID%:role/%IAM_ROLE% --role-session-name jenkins-deploy
Full error message:
Use-STSRole : The security token included in the request is invalid.
At C:\Users\svc-jenkins.WIN-KLBFC355P8D\AppData\Local\Temp\jenkins4822311255190032778.ps1:5 char:11
+ $Creds = (Use-STSRole -Region us-east-1 -RoleArn arn:aws:iam::$e ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Amazon.PowerShe...seSTSRoleCmdlet:UseSTSRoleCmdlet) [Use-STSRole], InvalidOperationException
    + FullyQualifiedErrorId : Amazon.SecurityToken.AmazonSecurityTokenServiceException,Amazon.PowerShell.Cmdlets.STS.UseSTSRoleCmdlet
It seems profiles with incorrect credentials were stored in AWS.
These were listed using Get-AWSCredentials:
Get-AWSCredentials -ListStoredCredentials
Then cleared using Remove-AWSCredentialProfile:
Remove-AWSCredentialProfile -ProfileName {MyProfileName}
If using an old version of AWS PowerShell Tools you can use Clear-AWSCredentials instead:
Clear-AWSCredentials -ProfileName <String>
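
To find which stored profile holds the invalid credentials before removing anything, the following added example (not part of the original answer) can be run as a Jenkins build step under the service account; it calls Get-STSCallerIdentity once through the default credential search and once per stored profile. It assumes a current AWS Tools for PowerShell release, where the listing command is Get-AWSCredential -ListProfileDetail; the variable names are illustrative.

```powershell
# Added example: run as the Jenkins service account, e.g. as a build step,
# so it sees the same credential stores the failing job sees.
$Region = 'us-east-1'   # region used in the question

# 1. What does the default credential search resolve to in this session?
try {
    $id = Get-STSCallerIdentity -Region $Region -ErrorAction Stop
    Write-Output "Default credentials resolve to: $($id.Arn)"
} catch {
    Write-Output "Default credentials failed: $($_.Exception.Message)"
}

# 2. Test every stored profile visible to this account.
$results = foreach ($p in Get-AWSCredential -ListProfileDetail) {
    $arn = $null
    $status = 'OK'
    try {
        $arn = (Get-STSCallerIdentity -ProfileName $p.ProfileName `
                    -Region $Region -ErrorAction Stop).Arn
    } catch {
        # An invalid or expired key pair surfaces here, e.g.
        # "The security token included in the request is invalid."
        $status = $_.Exception.Message
    }
    [pscustomobject]@{
        Profile = $p.ProfileName
        Store   = $p.StoreTypeName
        Arn     = $arn
        Status  = $status
    }
}
$results | Format-Table -AutoSize -Wrap

# 3. Name the profiles that failed; these are the candidates for
#    Remove-AWSCredentialProfile. Nothing is deleted by this script.
$results | Where-Object { $_.Status -ne 'OK' } | ForEach-Object {
    Write-Output "Stale profile candidate: $($_.Profile) ($($_.Store))"
}
```

Profiles are stored per Windows user, so the output under the Jenkins service account can differ from an interactive session under a different login.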