How do I resolve a not valid security token error in DynamoDB?

2 minute read

When I try to make a GET or PUT request in Amazon DynamoDB, I receive a "security token included in the request is invalid" error.

Short description

You might receive the "security token included in the request is invalid" error in the following situations:

You used a temporary credential for your AWS client and the credentials expired.
The security token that you used to authenticate your request is incorrect or malformed.
The Amazon Elastic Compute Cloud (Amazon EC2) instance date and time aren't correctly set and cause AWS to reject your credentials.

Resolution

**Note:**If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Use the Amazon Time Sync Service or another NTP source

To maintain an accurate time reference for your instance, configure the Amazon Time Sync Service or another Network Time Protocol (NTP) source.

Update your AWS credentials

To review your credentials, run the get-caller-identity command with the --debug setting. If your AWS credentials are incorrect, then run the update-access-key command to update your AWS access key ID and secret access key.

Configure your AWS CLI or AWS SDK with the correct credentials

To configure your credentials in the AWS CLI, run the configure command.

To configure your credentials in AWS SDKs, use environment variables, an AWS credentials file, or AWS Secrets Manager.

Refresh your temporary credentials

If you use temporary credentials for DynamoDB, then refresh your credentials 5 minutes before they expire.

Use an IAM role for your instance

If you use an EC2 instance as a client machine, then attach an instance profile to your instance. Verify that you don't specify any other credentials in your code or on the instance. The default credential provider chain searches the instance profile last. If the chain finds credentials earlier in the search order, then you can't use the AWS Identity and Access Management (IAM) role. For more information, see Configuration and credentials precedence.

Rotate your credentials

If you continue to experience issues, then rotate your credentials.

Related information

Using credentials providers in the AWS SDK for Java 2.x

Topics: Database
Tags: Amazon DynamoDB
Language: English

AWS OFFICIALUpdated a month ago

1 Comment

This article was reviewed and updated on 2026-04-15.

MODERATOR

AWS Official

replied 10 days ago

Relevant content

The security token included in the request is invalid on request to dynamoDB from Elastic beanstalk
kstozek
asked 3 years ago
Dynamo DB local Image 2.0.0 security token
Anthony Lock
asked 3 years ago
How can I troubleshoot intermittent 500 errors in my AWS Lambda function when processing DynamoDB streams using CloudWatch Logs and X-Ray?
Accepted Answer
Krishna Chaitanya Tatikonda
asked 2 years ago
Invalid security token in Python container in ECS
Emily
asked 2 years ago
why do I often have this error “Could not register service worker… violates the Content Security Policy” in deployment and testing in Lamda
Henry Ndubuisi Mbonu
asked 4 months ago
How do I resolve the unexpected token error when I import data from Amazon S3 to DynamoDB?
AWS OFFICIALUpdated 5 months ago
How do I troubleshoot the "ResourceNotFoundException" error in DynamoDB?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot a “No endpoints available” error in the DAX client?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot connection timeout issues in DynamoDB?
AWS OFFICIALUpdated 2 years ago
Troubleshooting "The Access Key ID or Security Token is Invalid" Error after Upgrading DynamoDB Local to Version 2.0.0 / 1.23.0 or Greater
EXPERT
Leeroy Hannigan
published 3 years ago