AWS PowerShell Use-STSRole : The security token included in the request is invalid

Question

In my Jenkins build job I'm using this command to assume an AWS role:

$Creds = (Use-STSRole -Region us-east-1 -RoleArn arn:aws:iam::$IAM_ACCOUNT_ID`:role/$IAM_ROLE -RoleSessionName jenkins).Credentials

I'm getting the following error:

Use-STSRole : The security token included in the request is invalid.

Changing the AWS Role to an invalid role does not change the error message.

It works fine when logging into the server and using the command in Powershell directly.

It also works if I use a AWS CLI command:

aws sts assume-role --role-arn arn:aws:iam::%IAM_ACCOUNT_ID%:role/%IAM_ROLE% --role-session-name jenkins-deploy

Full error message:

Use-STSRole : The security token included in the request is invalid.
At C:\Users\svc-jenkins.WIN-KLBFC355P8D\AppData\Local\Temp\jenkins4822311255190032778.ps1:5 char:11
+ $Creds = (Use-STSRole -Region us-east-1 -RoleArn arn:aws:iam::$e ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Amazon.PowerShe...seSTSRoleCmdlet:UseSTSRoleCmdlet) [Use-STSRole], InvalidOperationException
    + FullyQualifiedErrorId : Amazon.SecurityToken.AmazonSecurityTokenServiceException,Amazon.PowerShell.Cmdlets.STS.UseSTSRoleCmdlet

Answer 1

It seems profiles with incorrect credentials where stored in AWS.

These where listed using Get-AWSCredentials:

Get-AWSCredentials -ListStoredCredentials

Then cleared using Remove-AWSCredentialProfile:

Remove-AWSCredentialProfile -ProfileName {MyProfileName}

If using an old version of AWS Powershell Tools you can use Clear-AWSCredentials instead:

Clear-AWSCredentials -ProfileName <String>