I am trying to create an AWS instance through Terraform. Despite generating multiple users with different key pairs, all of them seem to return an InvalidClientTokenId error when I try to terraform plan. Below are the options I've tried based on the research I've done:
This is my code:
provider "aws" {
  # access_key = "redacted"
  # secret_key = "redacted"
  shared_credentials_files = "/home/nocnoc/.aws/credentials"
  region                   = "eu-central-1"
}

resource "aws_instance" "example" {
  ami           = "ami-0965bd5ba4d59211c"
  instance_type = "t3.micro"
}
This is the error message:
$terraform apply
╷
│ Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 2ea13d91-630c-40dc-84eb-72b26222aecb, api error InvalidClientTokenId: The security token included in the request is invalid.
│
│ with provider["registry.terraform.io/hashicorp/aws"],
│ on instance.tf line 1, in provider "aws":
│ 1: provider "aws" {
│
Are there any other options that I have not yet considered? I have MFA set up on my AWS account, but so did my tutor, and the course didn't mention anything about adding a special field to the Terraform file for that.
I had exactly the same issue, valid credentials and aws sts get-caller-identity worked.
The problem was that the ap-east-1 region that my aws provider used was disabled for my account - AWS started adding new regions as disabled since March 2019.
The fix is to enable the region (Console: top right "Global", scroll down "Manage Regions") and wait a few minutes for the update to take place.
The standard regions like eu-central-1 for OP should be activated by default though, so the error must be a different one.
Confusingly the error message is exactly the same though, so I've answered in case more people like me find this post.
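Added example, not part of the answer above: a shell check that reads the region from a provider block and looks up its opt-in status in the text output of `aws ec2 describe-regions --all-regions`, which separates the disabled-region cause from a genuinely bad key. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of the output of:
#   aws ec2 describe-regions --all-regions \
#     --query 'Regions[].[RegionName,OptInStatus]' --output text
SAMPLE_REGIONS=$(printf '%s\t%s\n' \
  eu-central-1 opt-in-not-required \
  ap-east-1    not-opted-in \
  me-south-1   opted-in)

# Constructed provider block (commented-out lines must be ignored).
SAMPLE_TF='provider "aws" {
  # region = "us-east-1"
  region = "ap-east-1"
}'

# tf_region: read HCL on stdin, print the first uncommented region = "..." value.
tf_region() {
  sed -n 's/^[[:space:]]*region[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# region_status REGION: read describe-regions text on stdin,
# print that region's OptInStatus, or "unknown" if it is not listed.
region_status() {
  awk -v r="$1" '$1 == r { print $2; found = 1 }
                 END { if (!found) print "unknown" }'
}

# region_usable REGION: exit 0 only if the account can call the region.
# A not-opted-in region rejects otherwise valid keys with InvalidClientTokenId.
region_usable() {
  case "$(region_status "$1")" in
    opt-in-not-required|opted-in) return 0 ;;
    *) return 1 ;;
  esac
}

# Live use (needs working credentials in an enabled region; file name is an assumption):
#   r=$(tf_region < instance.tf)
#   aws ec2 describe-regions --all-regions \
#     --query 'Regions[].[RegionName,OptInStatus]' --output text | region_usable "$r" \
#     || echo "region $r is not enabled for this account"
```

If the region reports `opt-in-not-required` or `opted-in` and the error persists, the region is not the cause and the credentials themselves are the next thing to check.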