Aws ecr authentication issue: The security token included in the request is invalid


I’ve got two projects, both of which build a docker image and then push that image to ECR. One project builds and pushes successfully, but the other fails when trying to obtain an ecr login with:

An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.

they are both using project specific env variables to specify the key and secret, for the specific circleci iam user, and I’d copied the variables from the project that builds successfully into the one that is not.

Below is the run commands within my config file:

aws configure set aws_access_key_id $AWS_KEY
aws configure set aws_secret_access_key $AWS_SECRET
aws configure set default.region us-east-1
aws configure set default.output json

login="$(aws ecr get-login --no-include-email --region us-east-1)"

docker build -f Dockerfile_prod --cache-from app -t app .

I do not have AWS Permissions set for either one of the projects, just the same project specific environment variables.

Any ideas? TIA

The security token included in the request is invalid.

The only thing that can cause this is an invalid token.

Could you try to re-add the ENVAR into the project that is not working? Copy and Paste directly from AWS. Double check to make sure that there are not leading or trailing spaces.

Thank you. I have done that as a check, and still getting the same error. But, I started by importing these vars from the other project where I am not getting the error, and I am able to access aws resources, so it’s baffling as to what is causing this authentication issue in this project.

I generated another key for my circle iam user, and then rebuilt the variables based on the new key credentials, and that works. Still odd that the initial means of importing the keys from an existing project was resulting in the auth/token failure. I’m going to try recreating this context and see if I can duplicate the issue.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.