Hello
I'm new to Terraform and just trying to launch an AWS EC2 instance. I have created 4 files -
```hcl
provider "aws" {
  access_key = "var.AWS_ACCESS_KEY"
  secret_key = "var.AWS_SECRET_KEY"
  region     = "ap-south-1"
}
```

```hcl
variable "AWS_ACCESS_KEY" {}
```

```hcl
resource "aws_instance" "ashki" {
  ami           = "ami-09a7bbd08886aafdf"
  instance_type = "t2.micro"
}
```

```hcl
AWS_ACCESS_KEY = "XXXX"
```
When I try to run 'terraform plan' I get the error below:
"Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
status code: 403, request id: XYZ"
Can someone please help me with this? I have gone through several threads reporting a similar issue, where I have tried regenerating credentials, but that did not seem to help. I'm running Terraform version - Terraform v0.13.2
Thanks
If you're putting values in a tfvars file, you will need to reference that file on the command line. Try:
```
terraform plan -var-file terraform.tfvars
```
Note that it's best practice to not put access & secret keys in your terraform files. You can set them in the AWS CLI configuration files or in your environment and terraform will automatically pick them up. See the Authentication section here https://registry.terraform.io/providers/hashicorp/aws/latest/docs.
@dthvt thanks for the response. My apologies for the delayed response. I did try what you mentioned and I still get the same error. I understand that it is not recommended to use keys and secret in tfvars file but I was just trying it out to see how I can get that to work.
I didn't notice this before, but your provider block:
```hcl
provider "aws" {
  access_key = "var.AWS_ACCESS_KEY"
  secret_key = "var.AWS_SECRET_KEY"
  region     = "ap-south-1"
}
```
is setting access_key to the string var.AWS_ACCESS_KEY. In order to use the variable value, you should remove the double-quotes. In other words, your provider block should look like this:
```hcl
provider "aws" {
  access_key = var.AWS_ACCESS_KEY
  secret_key = var.AWS_SECRET_KEY
  region     = "ap-south-1"
}
```
(Or again, follow best practice and remove the access_key and secret_key from the terraform code and allow the provider to discover them using a more secure method.)
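Added example, not part of the original thread or of Terraform itself: a small Python check that flags the mistake diagnosed above (a credential argument set to a quoted reference such as `"var.AWS_ACCESS_KEY"`, which the provider receives as a literal string) and also flags string literals hard-coded in `access_key` or `secret_key`. The function name `lint_credentials` and the sample configurations are constructed for illustration, and the check is a line-based match, not a full HCL parser.

```python
import re

# Credential arguments of the AWS provider block discussed in the thread.
CRED_ARG = re.compile(r'^\s*(access_key|secret_key)\s*=\s*(.+?)\s*$')
# A quoted string whose entire content looks like a reference, e.g. "var.NAME".
QUOTED_REF = re.compile(r'^"(var|local|data|module)\.[A-Za-z0-9_.\-\[\]]+"$')

# Constructed sample inputs (hypothetical values, not real credentials).
SAMPLE_BEFORE = '''provider "aws" {
  access_key = "var.AWS_ACCESS_KEY"
  secret_key = "var.AWS_SECRET_KEY"
  region     = "ap-south-1"
}
'''
SAMPLE_FIXED = SAMPLE_BEFORE.replace('"var.AWS_ACCESS_KEY"', 'var.AWS_ACCESS_KEY') \
                            .replace('"var.AWS_SECRET_KEY"', 'var.AWS_SECRET_KEY')
SAMPLE_LITERAL = 'provider "aws" {\n  access_key = "EXAMPLEKEYID"\n}\n'


def lint_credentials(hcl_text):
    """Return (line_no, argument, finding) for each risky credential assignment."""
    findings = []
    for no, line in enumerate(hcl_text.splitlines(), start=1):
        line = line.split("#", 1)[0]  # simplification: treat '#' as a comment start
        m = CRED_ARG.match(line)
        if not m:
            continue
        arg, value = m.groups()
        if QUOTED_REF.match(value):
            # Terraform passes the text itself, so AWS rejects it as an invalid token.
            findings.append((no, arg, "quoted-reference"))
        elif value.startswith('"') and "${" not in value:
            # A plain string literal: the secret is stored in the configuration file.
            findings.append((no, arg, "hardcoded-literal"))
    return findings


if __name__ == "__main__":
    for name, text in [("before", SAMPLE_BEFORE), ("fixed", SAMPLE_FIXED),
                       ("literal", SAMPLE_LITERAL)]:
        print(name, lint_credentials(text))
```
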
Thanks @dthvt, that worked! And yes, as a best practice I will remove the key and secret from terraform file.
@ashki1 if your issue is resolved, please consider closing it on GitHub so it doesn't stay in the queue for developer assistance. Thanks!
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!