"The AWS Access Key Id you provided does not exist in our records." when trying to use AWS CLI

11,974

Credentials starting with ASIA are temporary credentials generated via the Security Token Service, and must be used with a Token.

When you run your aws s3 sync command, it is using the [Default] credentials that do not have aws_security_token defined.

Try adding --profile sts to the command to make it use the [sts] credentials.

11,974

theGreenCabbage

A software developer and supporter of any language that facilitates open source methodologies, extensibility, versatility and collaboration. Currently Using: PHP, MySQL, and bash. Current Projects: OpenCart module development. I am also the only living programmer that's also a part time leafy green veggie. Yeah. I'm that good. I make you green with envy. Bachelor of Science in Computer Engineering Minor in Computer Science Grasshopper 3D developer KT Tools. A Grasshopper 3D tool suite I authored Make Eclipse Look and Work More Like Visual Studio

Updated on June 04, 2022

Comments

theGreenCabbage almost 2 years

I'm trying to access my S3 Bucket through the cli. I have everything setup up such as having a credentials file where I'm doing this cli work, making sure my environment variables for $AWS_SECRET_ACCESS_KEY and $AWS_ACCESS_KEY_ID have the right things in it, and manually setting them using aws configure.

credentials contains the following information, all blanked out that is:

[sts]
aws_access_key_id = ASIAXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXX
aws_security_token = XXXXXXXXXXXXXXXXXXXXXX
aws_session_expiration = 2018-11-03T00:21:25+0000
aws_session_token = XXXXXXXXXXXXXXXXXXXXXXX
[default]
aws_access_key_id = ASIAXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXX

Also just to make sure I have everything setup, I also ran aws configure:

(venv) ~/.aws $ aws configure list
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************XXXX shared-credentials-file
secret_key     ****************XXXX shared-credentials-file
    region  

          us-east-1      config-file    ~/.aws/config

However, when I run the following, it says I have this error:

(venv) ~/.aws $ aws s3 sync s3://mybucket/my/path ~/my/path
fatal error: An error occurred (InvalidAccessKeyId) when calling the ListObjectsV2 operation: The AWS Access Key Id you provided does not exist in our records.

I have no idea how to get around this and exhausted all my Googling options.

theGreenCabbage over 5 years

I ended up using Cyberduck to do everything, but I am sure this would have worked so I am giving you the answer.
Jason Capriotti about 4 years

One additional note; even if you have your profile set up correctly, but also have $AWS_SECRET_ACCESS_KEY and $AWS_ACCESS_KEY_ID environment variables set, you'll want to also set $AWS_SECURITY_TOKEN. The profile will be ignored when it sees those env vars.