Aws ecr authentication issue: The security token included in the request is invalid

whatch · May 4, 2018, 9:22pm

I’ve got two projects, both of which build a docker image and then push that image to ECR. One project builds and pushes successfully, but the other fails when trying to obtain an ecr login with:

An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.

they are both using project specific env variables to specify the key and secret, for the specific circleci iam user, and I’d copied the variables from the project that builds successfully into the one that is not.

Below is the run commands within my config file:

aws configure set aws_access_key_id $AWS_KEY
aws configure set aws_secret_access_key $AWS_SECRET
aws configure set default.region us-east-1
aws configure set default.output json

login="$(aws ecr get-login --no-include-email --region us-east-1)"
${login}

docker build -f Dockerfile_prod --cache-from app -t app .

I do not have AWS Permissions set for either one of the projects, just the same project specific environment variables.

Any ideas? TIA

levlaz · May 6, 2018, 4:22pm

The security token included in the request is invalid.

The only thing that can cause this is an invalid token.

Could you try to re-add the ENVAR into the project that is not working? Copy and Paste directly from AWS. Double check to make sure that there are not leading or trailing spaces.

whatch · May 8, 2018, 12:51pm

Thank you. I have done that as a check, and still getting the same error. But, I started by importing these vars from the other project where I am not getting the error, and I am able to access aws resources, so it’s baffling as to what is causing this authentication issue in this project.

whatch · May 8, 2018, 3:16pm

I generated another key for my circle iam user, and then rebuilt the variables based on the new key credentials, and that works. Still odd that the initial means of importing the keys from an existing project was resulting in the auth/token failure. I’m going to try recreating this context and see if I can duplicate the issue.

system · August 6, 2018, 3:16pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Please help - Cannot login to ECR repository Deployments nodejs , circle-yml	1	1972	July 19, 2022
How do I pass AWS session token to aws_auth: for pulling docker images from AWS ECR? Build Environment	7	1032	February 27, 2023
Error authentication with ECR: AWS credentials not found Build Environment	0	2119	January 20, 2021
Pushing to AWS Using circleci/aws-ecr@3.0.0 Orb Orbs aws	6	3822	March 11, 2019
Aws_auth doesn't see AWS_REGION Build Environment aws	1	3987	October 21, 2020

Aws ecr authentication issue: The security token included in the request is invalid

Related topics