By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records. How to fix this?

0

I'm running a web app that uploads and retrieves files from s3 using an express backend, and it's currently live hosted on Heroku, where the access key id and secret key are set using config vars, absolutely no problems there it works perfectly fine. When I try to run the app locally I'm getting the error showing "InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records."/ I have tried setting the access key explicitly within the config object in my server.js file, I've tried setting my environment variables through windows, and have made sure that my .aws/credentials file also contains the correct keys, copied directly from IAM. I've also made a new access key that I've explicitly stated is for use on a local device, updated all of the above, and am getting the same error. Clearly the problem must be on my device somewhere but I've run out of places to check/change it - it even gives this error while my server is logging the correct config details when I boot it up. When I boot up the server I have it logging my s3client object, which outputs the same Access Key ID and the same Secret Access Key as my live site is currently using in its config vars, but I'm still being told the Access Key ID doesn't exist

Topics
Security, Identity, & ComplianceCompute
Tags
AWS Key Management ServiceSecurity, Identity, & ComplianceAWS Identity and Access ManagementWindows
Language
English
petewk
asked 8 months ago929 views
2 Answers
2
Accepted Answer

I'd suggest you to check the USERPROFILE if you are configuring the Credentials in Windows.

Try to enter the user profile and remove the .aws/credentials, .aws/config file and then you can try aws configure again.

Let me share a sample powershell script.

$awsCredentialsFile = "$env:USERPROFILE\.aws\credentials"
$awsConfigFile = "$env:USERPROFILE\.aws\config"
aws configure set aws_access_key_id $AccessKeyId
aws configure set aws_secret_access_key $SecretAccessKey
aws configure set region us-east-1

Reply here how it goes.

Bhuvan

profile picture
Bhuvan Prasad G
answered 8 months ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed 7 months ago
  • petewk
    8 months ago

    Hi Bhuvan, This seems to have fixed it. I'd previously gone into the .aws\config file and made sure that the access key id and secret key matched what I had in the code and it didn't change anything. But this time on your recommendation I've completely deleted the files and run the aws configure again. Strangely enough, it even defaulted to the correct values, but after running aws configure it's now working. Thank you so much for your suggestion!

1

I'd start troubleshooting this by running following command, this is basically "whoami" of AWS:

  aws sts get-caller-identity

Based on the output of this, you'll get to know which user it is using.

Though you have already mentioned this, but I'd print AWS access key and secret access key from the variable, which you are using. Make sure those values are not getting logged to some persistent logs.

Comment here how it goes, happy to be part of your troubleshooting.

Abhishek

profile pictureAWS
EXPERT
secondabhi_aws
answered 8 months ago
  • petewk
    8 months ago

    Hi Abhishek, thanks for getting involved. I've run that command and it returns the account number and the user name that I've generated the access ID keys from, including the one that's currently running on my live site, so doesn't look like anything out of the ordinary there. What do you mean by making sure they're not getting logged to persistent logs? Thanks, Pete

  • secondabhi_aws EXPERT
    8 months ago

    No, I just wanted you to make sure that your access/secret key doesn't get logged somewhere from you can't delete it(just from security point)

  • secondabhi_aws EXPERT
    8 months ago

    What do you mean by "including the one that's currently running on my live site", could that be the problem? It should just return one identity. Sorry if I mistook you.

  • petewk
    8 months ago

    Sorry I just mean it's the account details that I used to create the access keys that are currently working on my live site, it does only return one identity.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content