Error: error configuring Terraform AWS Provider:
error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 95e52463-8cd7-038-b924-3a5d4ad6ef03, api error InvalidClientTokenId: The security token included in the request is invalid. with provider["registry.terraform.io/hashicorp/aws"], on provider.tf line 1, in provider "aws": 1: provider "aws" {
I have only two files.
- instance.tf

    resource "aws_instance" "web" {
      ami           = "ami-068257025f72f470d"
      instance_type = "t2.micro"
      tags = {
        Name = "instance_using_terraform"
      }
    }

- provider.tf

    provider "aws" {
      region     = "ap-east-1"
      access_key = "xxxx"
      secret_key = "xxxx/xxx+xxx"
    }
7 Answers
I made a mistake in the region: I entered the wrong region code. As for the access key and secret key, '+' and '/' were generating the error due to some symbols; you just need to try a new key until the access key contains only alphabetic characters. (Symbols are lmao).
Check the .aws folder (config file).
Try this
Also show us your main.tf file and where and how you define access.
In my test environment I was using the root user's access key and secret access key, which did not work. After creating a dedicated user the error did not occur anymore.
In detail I did the following steps:
Created a user called terraform here
Created a new group Administrators with attached permissions Administrator Access by following the wizard
Copied access key and secret access key to ~/.aws/credentials

    [default]
    aws_access_key_id=xxx
    aws_secret_access_key=xxx

Created ~/.aws/config

    [default]
    region=us-west-2
Maybe the region you passed to AWS configure is different from your Terraform provider region,
e.g. us-east-1 in AWS configure, us-east-1a in the Terraform provider region.
Please change those regions to be the same.
In case anyone comes across this issue, I found that the workspace I was working in had environment variables set in Terraform Cloud for the AWS credentials. These were taking precedence over my local credentials and needed to be refreshed.
In my case this issue is because your system date/time is wrong.
Set the time for my CentOS 8 OS through the following commands:

    timedatectl status
    timedatectl set-time HH:MM:SS

It will throw an error saying "Failed to set time: NTP unit is active" if you have already set up the NTP service on your machine.

    sudo timedatectl set-local-rtc true
    sudo timedatectl set-ntp false
    sudo timedatectl set-time "yyyy-MM-dd hh:mm:ss"
    timedatectl list-timezones
    sudo timedatectl set-timezone Europe/Zagreb
    sudo timedatectl set-ntp yes
Make sure to use the default region specified for your AWS IAM account
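
Several of the answers above point at the same few local causes: environment variables overriding the credentials file, wrong key names in ~/.aws/credentials, and an availability zone used where a region is expected. The following offline check is an added example, not code from any of the posts; the function name `diagnose`, the finding labels and the sample values are constructed for illustration, and it assumes no access_key/secret_key is set in the provider block.

```python
import configparser
import re

REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")   # e.g. us-west-2
AZ_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d[a-z]$")  # e.g. us-east-1a
REQUIRED = ("aws_access_key_id", "aws_secret_access_key")

def diagnose(env, credentials_text, provider_region, profile="default"):
    """Return finding labels for the given inputs; never echoes secret values."""
    findings = []
    # Environment variables are consulted before the shared credentials file,
    # so a stale exported key wins over a corrected file.
    if env.get("AWS_ACCESS_KEY_ID") or env.get("AWS_SECRET_ACCESS_KEY"):
        findings.append("env-overrides-file")
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(credentials_text)
    except configparser.Error:
        # Typically a missing [profile] header or a line without '='.
        findings.append("credentials-file-unparseable")
        parser = configparser.ConfigParser(interpolation=None)
    if parser.has_section(profile):
        section = parser[profile]
        for key in REQUIRED:
            if key not in section:
                findings.append(f"missing-key:{key}")
            elif section[key] != section[key].strip("\"'"):
                findings.append(f"quoted-value:{key}")
    else:
        findings.append(f"missing-profile:{profile}")
    if AZ_RE.match(provider_region):
        findings.append("region-is-availability-zone")
    elif not REGION_RE.match(provider_region):
        findings.append("region-malformed")
    return findings

# Constructed sample input (not real credentials).
SAMPLE_GOOD = ("[default]\n"
               "aws_access_key_id = AKIAEXAMPLEEXAMPLE00\n"
               "aws_secret_access_key = constructed/secret+value\n")
SAMPLE_BAD = "[default]\naws access key =xxx\naws secret access key=xxx\n"

if __name__ == "__main__":
    import os
    print(diagnose(os.environ, SAMPLE_GOOD, "us-west-2"))
    print(diagnose({"AWS_ACCESS_KEY_ID": "stale"}, SAMPLE_BAD, "us-east-1a"))
```

To run it against a real setup, pass `os.environ`, the text of ~/.aws/credentials and the `region` value from provider.tf.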