search
Ctrlk

Error Validating Credentials for AWS Cluster: "InvalidClientTokenId: The security token included in

hashtag
Problem

Operations related to a cluster associated with an AWS-based cloud provider are failing with an error similar to the following.

Command failed: /opt/pf9/qbert/bin/terraform apply -auto-approve=true -refresh=true -state=/mnt/mysqlfs/qbert/cloud/aws/5fa93981-d3cc-4d57-a059-ba0cddf24996.tfstate -var-file=/mnt/mysqlfs/qbert/cloud/aws/5fa93981-d3cc-4d57-a059-ba0cddf24996.tfvars.json -no-color -input=false

Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.

	status code: 403, request id: e95ce36c-d1e7-419c-ac8b-8fb22fca86b8

hashtag
Environment

  • Platform9 Managed Kubernetes – All Versions

  • Qbert

  • AWS

hashtag
Cause

Your AWS credentials have been rotated or otherwise revoked.

circle-exclamation

Known Bug

Note: A known bug exists in Platform9 v5.3, v5.4 whereas values aren't propagated to the Terraform configuration which Qbert relies upon in order to reconcile the desired state of the cluster with the resources in AWS. A fix is included in Platform9 Managed Kubernetes v5.5 and Higher.

For customers on an affected version, please submit a support requestarrow-up-right and our team will reach back out with the required next steps.

hashtag
Resolution

  1. Manage your access keysarrow-up-right to validate if your key exists, and whether it has been rotated. (Create a new access keyarrow-up-right if necessary.)

  2. Navigate to the PF9 UI > Infrastructure > Cloud Providers.

  3. Select your cloud provider, and click on "Edit".

  4. Enter a new Secret Access Key .

  5. Click "Update Cloud Provider".

PreviousKubernetes Node in NotReady State After Reboot for Containerd Runtime ClusterNextPause Container Deletion Stuck Due To "WorkloadEndpoint not found" Error In CNI Plugin

Last updated