I'm trying to deploy a CloudFront distribution and a WAF into China using Terraform.
I get this error:
Acquiring state lock. This may take a few moments...
╷
│ Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
│ status code: 403, request id: 0342d33d-74e9-4195-b308-a0b1905928d1
│
│ with provider["registry.terraform.io/hashicorp/aws"],
│ on main.tf line 13, in provider "aws":
│ 13: provider "aws" {
My AWS credentials are correct, and I even created new keys just in case, and I get the same result. I also have administrator privileges in the account.
I tried creating new keys, and I tried exporting the AWS profile in the directory where I'm running the code.
I'm deploying it in region Global, since that works in another AWS account which is non-China, and the China AWS console shows CloudFront in Global as well.
I continue to get the sts error no matter what I do. Hopefully I'm missing something simple.
This happens with the WAF that I'll be deploying for CloudFront, also.
All other China resources which are deployed into specific regions can be deployed successfully. I'm only having this issue with the global resources.
It's China...
China is notorious for these things, a.k.a. the Great Chinese Firewall.
Honestly, just speak to your service providers to deal with the problem. It's 99% likely that this isn't going to be a 'you' problem, it's an infrastructure/political problem that needs to be resolved.
Ultimately you have a requirement, and your service provider is marketing that they can deliver this. If they can't, and you are experiencing issues, which you are, then that is their problem to resolve for you.
Doesn't really directly solve your problem, but does provide you a way forward.