I have a container running on an EC2 instance that has an instance profile attached.
In my case, I have to use an AWS access key and secret key in the scripts running in the container to get access to AWS resources in a different account in another AWS partition.
I exported the env variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY and unset AWS_SESSION_TOKEN in the scripts.
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s" \
    $(aws secretsmanager get-secret-value \
        --secret-id arn:aws-cn:secretsmanager:********* \
        --query 'SecretString' --output=text | jq '.ACCESS_KEY_TEST,.SECRET_KEY_TEST'))
unset AWS_SESSION_TOKEN
aws sts get-caller-identity
#aws sts get-caller-identity --region <region> ##not working either
Whatever I try, I cannot get rid of the error: An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.
Please help! Thanks!
It surely means that the AWS_SECRET_ACCESS_KEY is bound to an AWS_SESSION_TOKEN and you need to provide it as part of your authentication.
The fact that you unset AWS_SESSION_TOKEN means you are removing all presence of this part of the credential set.
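
A pre-flight check for the credential set discussed above, added here as an example (it is not code from the question or the answer). It relies on two facts: access key IDs beginning with ASIA are temporary STS credentials that require AWS_SESSION_TOKEN, while AKIA keys are long-term IAM user keys that take none; and jq without -r prints JSON strings with their double quotes. The function name and return codes are this example's own convention.

```shell
#!/bin/sh
# Added example: sanity-check an environment credential set before calling STS.
# Return codes (this example's own convention):
#   0 consistent, 1 missing value, 2 stray quotes or spaces,
#   3 temporary key without session token, 4 long-term key with session token
# Usage:
#   check_cred_set "${AWS_ACCESS_KEY_ID-}" "${AWS_SECRET_ACCESS_KEY-}" \
#       "${AWS_SESSION_TOKEN-}" && aws sts get-caller-identity
check_cred_set() {
    key_id=${1-}
    secret=${2-}
    token=${3-}

    if [ -z "$key_id" ] || [ -z "$secret" ]; then
        echo "access key id or secret access key is empty" >&2
        return 1
    fi

    # jq without -r emits "value" including the double quotes; exporting that
    # output unchanged puts the quote characters inside the credential.
    case "$key_id$secret" in
        *\"*|*\'*|*" "*)
            echo "credential value contains quotes or spaces" >&2
            return 2 ;;
    esac

    case "$key_id" in
        ASIA*)  # temporary credentials issued by STS: the token is mandatory
            if [ -z "$token" ]; then
                echo "ASIA key requires AWS_SESSION_TOKEN" >&2
                return 3
            fi ;;
        AKIA*)  # long-term IAM user key: no session token belongs to it
            if [ -n "$token" ]; then
                echo "AKIA key but AWS_SESSION_TOKEN is set (stale token?)" >&2
                return 4
            fi ;;
    esac
    return 0
}
```
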