"The AWS Access Key Id you provided does not exist in our records." when trying to use AWS CLI

Question

I'm trying to access my S3 Bucket through the cli. I have everything setup up such as having a credentials file where I'm doing this cli work, making sure my environment variables for $AWS_SECRET_ACCESS_KEY and $AWS_ACCESS_KEY_ID have the right things in it, and manually setting them using aws configure.

credentials contains the following information, all blanked out that is:

[sts]
aws_access_key_id = ASIAXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXX
aws_security_token = XXXXXXXXXXXXXXXXXXXXXX
aws_session_expiration = 2018-11-03T00:21:25+0000
aws_session_token = XXXXXXXXXXXXXXXXXXXXXXX
[default]
aws_access_key_id = ASIAXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXX

Also just to make sure I have everything setup, I also ran aws configure:

(venv) ~/.aws $ aws configure list
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************XXXX shared-credentials-file
secret_key     ****************XXXX shared-credentials-file
    region  

          us-east-1      config-file    ~/.aws/config

However, when I run the following, it says I have this error:

(venv) ~/.aws $ aws s3 sync s3://mybucket/my/path ~/my/path
fatal error: An error occurred (InvalidAccessKeyId) when calling the ListObjectsV2 operation: The AWS Access Key Id you provided does not exist in our records.

I have no idea how to get around this and exhausted all my Googling options.

Answer 1

Credentials starting with ASIA are temporary credentials generated via the Security Token Service, and must be used with a Token.

When you run your aws s3 sync command, it is using the [Default] credentials that do not have aws_security_token defined.

Try adding --profile sts to the command to make it use the [sts] credentials.