Hi
I am trying to build an API that fetches a list of EC2 instances from an account. I referred to the below blog post for a solution.
[blog post](https://repost.aws/knowledge-center/iam-validate-access-credentials)
Without revealing too many details, I am sharing the Python code that I am using to achieve this:
```python
import boto3

# regionCode and accountId are parameters supplied by the caller.
# Create the STS client against the regional STS endpoint.
sts = boto3.client('sts', region_name=regionCode, endpoint_url=f'https://sts.{regionCode}.amazonaws.com')
role_arn = f"arn:aws:iam::{accountId}:role/xxxxxxx"

# Assume the role in the target account to obtain temporary credentials.
acct = sts.assume_role(RoleArn=role_arn, RoleSessionName="role-session")
access_key = acct['Credentials']['AccessKeyId']
secret_access_key = acct['Credentials']['SecretAccessKey']
session_token = acct['Credentials']['SessionToken']

# Build the EC2 client from the temporary credentials.
ec2 = boto3.client('ec2',
                   aws_access_key_id=access_key,
                   aws_secret_access_key=secret_access_key,
                   aws_session_token=session_token,
                   region_name=regionCode)
```
Here, region code and accountId are parameterized, which dynamically change with a new id. Despite all the activity, I am getting the below error message whilst invoking the function.
"An error occurred (InvalidClientTokenId) when calling the AssumeRole operation: The security token included in the request is invalid."
Request help as early as possible.
Hi,
Please find my replies
I can't reproduce your issue with my setup. The only time I have seen this before is when the IAM user has MFA enforced for CLI access.