Error: The security token included in the request is invalid - AWS DynamoDB

javascript amazon-web-services amazon-s3 amazon-dynamodb

12,221

The error message indicates a problem with credentials. Embedding credentials in local variables in a script poses a security risk. Please try to use one of the recommended methods to configure your client credentials, in decreasing order of preference:

AWS Identity and Access Management (IAM) roles (for example, in EC2 instance profiles or Lambda execution roles)
A shared credentials file (~/.aws/credentials)
Environment variables
A JSON file on disk

12,221

Author by

AmazingDayToday

Speak English, Russian, and Kazakh

Updated on June 28, 2022

Comments

AmazingDayToday almost 2 years
The file is stored in .js script and located in AWS S3.
```
AWS.config.update({
  region: "us-west-2",
  //endpoint: 'dynamodb.us-west-2.amazonaws.com',
  accessKeyId: "name",
  secretAccessKey: "pass"
});

var dynamodb = new AWS.DynamoDB({apiVersion: '2012-08-10'});
var params = {
    TableName : "table_name",
    ProjectionExpression:"company, link, budget",
    KeyConditionExpression: "company = :Adidas"
};
dynamodb.query(params, function (err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});
```
I am trying to get data from DynamoDB, but instead get this:

Error: The security token included in the request is invalid. at Request.extractError (aws-sdk.js:96980) at Request.callListeners (aws-sdk.js:98762) at Request.emit (aws-sdk.js:98736) at Request.emit (aws-sdk.js:97899) at Request.transition (aws-sdk.js:97626) at AcceptorStateMachine.runTo (aws-sdk.js:101148) at aws-sdk.js:101160 at Request. (aws-sdk.js:97642) at Request. (aws-sdk.js:97901) at Request.callListeners (aws-sdk.js:98772) "UnrecognizedClientException: The security token included in the request is invalid. at Request.extractError (https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:96980:27) at Request.callListeners (https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:98762:20) at Request.emit (https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:98736:10) at Request.emit (https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:97899:14) at Request.transition (https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:97626:10) at AcceptorStateMachine.runTo (https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:101148:12) at https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:101160:10 at Request. (https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:97642:9) at Request. (https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:97901:12) at Request.callListeners (https://cdnjs.cloudflare.com/ajax/libs/aws-sdk/2.22.0/aws-sdk.js:98772:18)"

How can I make this work?
Thanh Truong about 6 years

Thanks. It works for me. I just changed my ~/.aws/credentials with a key in aws.
JG_GJ over 4 years

I am trying to do it, but I currently have no results. My folders are like this: proyect/.aws/config.json and my config.json: { "accessKeyId": "MYKEY", "secretAccessKey": "MYKEY", "region": "us-east-1" }
memoev almost 2 years

In my case I had to include my aws_session_token as well for it to work, client id and secret weren't enough. Something to keep in mind.