UnrecognizedClientException: The security token included in the request is invalid when calling AWS.SecretsManager

27,625

Solution 1

The "security token included in the request is invalid" error almost always means there is something wrong with your credentials. Either the accessKeyId or secretAccessKey (or both) are wrong.

You can try validating your credentials with the AWS CLI, using the STS get caller identity call, before using them in your code.

Solution 2

You need to add the endpoint so that AWS extracts your access token defined with aws configure. Add this code when creating the table:

    --endpoint-url http://localhost:8000 // localhost in my case because I'm running locally, but you can put your domain or server port there

    AWS.config.update({
        region: "us-west-2",
        endpoint: "http://localhost:8000",
        accessKeyId: "your access id",
        secretAccessKey: "your access key"
    });
Mani
Author by

Mani

I love Problem solving and to help others

Updated on July 09, 2022

Comments

  • Mani
    Mani almost 2 years

    I'm implementing AWS ClientManager to obtain secret variables saved in AWS. I had an initial implementation like below:

    // Load the AWS SDK
    var AWS = require('aws-sdk'),
        region = "us-west-2",
        secretName = "secretName",
        accessKeyId = myAccessKey,
        secretAccessKey = mySecretAccessKey,
        secret,
        decodedBinarySecret;
    
    var client = new AWS.SecretsManager({
        region: region,
    });
    
    client.getSecretValue({SecretId: secretName}, function(err, data) {
        if (err) {
          console.log("Error Happened");
          console.log(err);
        }
        else {
            if ('SecretString' in data) {
                secret = data.SecretString;
            } else {
                // Buffer.from replaces the deprecated new Buffer() constructor
                let buff = Buffer.from(data.SecretBinary, 'base64');
                decodedBinarySecret = buff.toString('ascii');
            }
        }
    });
    

    When I start the server, it throws the following exception:

    { UnrecognizedClientException: The security token included in the request is invalid. message: 'The security token included in the request is invalid.', code: 'UnrecognizedClientException', time: 2019-07-01T12:16:00.021Z, requestId: 'c7ed53c1-fb70-4012-aa9f-5a9a3195a043', statusCode: 400, retryable: false, retryDelay: 40.923844792180674 }

    • Rakesh_Kumar
      Rakesh_Kumar almost 4 years
      Were you able to figure out the issue? How did you manage to resolve it?
    • Mani
      Mani almost 4 years
      @Rakesh_Kumar No, I am sure it has something to do with location settings in the AWS console
  • imrok
    imrok about 3 years
    While running the CLI aws configure, I wasn't able to set the token. I had to manually copy the token inside the ~/.aws/credentials file from my application panel.
  • Libertatem
    Libertatem over 2 years
    I ran into a similar problem, and found the article very helpful. bobbyhadz.com/blog/… In my case, for some reason after setting up aws-cdk, my stack environment uses [default] user, which in my case was inactive.
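
A local pre-check to run before the STS call suggested in Solution 1, covering the causes reported in the comments (a token missing from ~/.aws/credentials, an unexpected [default] profile). This is an added example, not code from the original page; the function names, the sample values and the simplified environment-then-profile lookup are assumptions.

```javascript
// Added example. Simplified model (assumption): environment variables are used
// when both key variables are set, otherwise the profile in ~/.aws/credentials.

// Parse the INI text of a credentials file into { profile: { key: value } }.
function parseCredentialsFile(text) {
  const profiles = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const header = line.match(/^\[(.+)\]$/);
    if (header) { current = profiles[header[1].trim()] = {}; continue; }
    const eq = line.indexOf('=');
    if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return profiles;
}

// Report which source supplies the credentials and what looks wrong with them.
function checkCredentials(env, fileText) {
  let source = 'environment';
  let creds = { id: env.AWS_ACCESS_KEY_ID, secret: env.AWS_SECRET_ACCESS_KEY, token: env.AWS_SESSION_TOKEN };
  if (!creds.id || !creds.secret) {
    const name = env.AWS_PROFILE || 'default';
    const p = parseCredentialsFile(fileText || '')[name];
    source = 'profile:' + name;
    if (!p) return { source, findings: ['profile [' + name + '] not found'] };
    creds = { id: p.aws_access_key_id, secret: p.aws_secret_access_key, token: p.aws_session_token };
  }
  const findings = [];
  if (!creds.id || !creds.secret) findings.push('access key id or secret access key missing');
  if (/[\s"']/.test((creds.id || '') + (creds.secret || ''))) findings.push('whitespace or quotes in a key value');
  // ASIA-prefixed key ids are temporary and only valid together with a session token.
  if ((creds.id || '').startsWith('ASIA') && !creds.token) findings.push('temporary key without session token');
  return { source, findings };
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE_FILE = [
  '[default]',
  'aws_access_key_id = AKIAEXAMPLEEXAMPLE00',
  'aws_secret_access_key = constructed-secret-value',
  '',
  '[dev]',
  'aws_access_key_id = ASIAEXAMPLEEXAMPLE00',
  'aws_secret_access_key = constructed-secret-value',
].join('\n');

console.log(checkCredentials({ AWS_PROFILE: 'dev' }, SAMPLE_FILE));
```

The check only reports what is visible locally; whether a key is active or belongs to the expected account still needs the STS get caller identity call.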