error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: SignatureDoesNotMatch: Credential should be scoped to a valid region, not 'us-east-1' #14873
Comments
@barath1406 Thanks for raising this issue. |
I have the same issue, setting
upd. 1
it worked out fine. upd. 2 |
See here for discussion on solutions. |
|
@RajendraVenkata This issue is because your system date/time is wrong. |
it helped me, thanks. |
saved my day.. didn't notice that !!! :D |
To resolve this issue, you just need to delete "rm -rf .terraform" and "rm -rf .terraform.lock.hcl" and then run this command "terraform init -backend-config="access_key=xxxxxxxxxxxxxxxxxxxx" -backend-config="secret_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"" |
The right set of commands should be:
and then run this command to configure backend After that you can run |
In my case, after rotating my AWS key, I had updated the The solutions suggested by @engr-usman and @arjungoel didn't work for me. |
Hey @fransf-wtax, did you configure the credentials again using |
@arjungoel All |
@fransf-wtax if you are using aws vault or any other utility to log in on the AWS CLI, then first you should log out and log in again, then perform all of the above steps. |
In my test environment I was using the root users access and secret access key which did not work. After creating a dedicated user the error did not occur anymore. In detail I did the following steps:
After that |
Was the same issue for me as well, since it was a remote VM I didn't even pay attention to the timezone and was troubleshooting AWS credentials, although the time was off by seconds, making it consistent fixed the problem. |
I just faced this issue and the solution was simple. I'm using Terraform in Docker, and the
|
I am currently facing this issue @ryanisnan and @ginigangadharan, please how did you change the time? I used sudo date then typed the correct date and time but I got error as "command not found". Kindly send the command to use. Thank you |
@Helen-Chukwukelu I have adjusted the date/time and zone correctly |
@ginigangadharan I am finding it hard adjusting the time. Can you help with a command to do that? I am using aws CLI. Thank you |
Which OS are you referring to?
--
Gineesh
linkedin.com/in/gineesh
|
@ginigangadharan I am using CentOS 7. Below is the error I get: Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: b7bcd89f-8502-434a-964b-4ee16a2b78cb, api error SignatureDoesNotMatch: Signature not yet current: 20220504T114431Z is still later than 20220504T040106Z (20220504T034606Z + 15 min.) |
Sometimes, if the session is disconnected or expired, we get the sts:GetCallerIdentity error. Secondly, check whether the IAM access key's status is active or inactive. Try the following method as well, it works for me: |
this saved my day |
same with me |
none of the above worked for me.. somebody please help.... ╷ |
I wasn't providing the region in correct format, was passing ap-south=1 (typo) instead of ap-south-1, might help someone someday. |
For me it happened because the region I wanted to deploy in was not activated for my account. Had to do this first manually. |
Error: configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403 |
│ Error: configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 4b810be6-6aa5-4c03-a96c-f76ac6595318, api error SignatureDoesNotMatch: Signature expired: 20230126T150724Z is now earlier than 20230126T151006Z (20230126T152506Z - 15 min.) I am getting this error, I have tried everything written here but nothing works. |
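The two `SignatureDoesNotMatch` messages quoted in the comments above contain enough information to measure the clock error directly. The following is an added example, not code from this thread or from the provider: it reads the first timestamp as the time the request was signed and the parenthesised one as the service's time (an interpretation consistent with the arithmetic in the messages), and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Messages copied from the two comments above (request IDs omitted).
NOT_YET_CURRENT = ("api error SignatureDoesNotMatch: Signature not yet current: "
                   "20220504T114431Z is still later than 20220504T040106Z "
                   "(20220504T034606Z + 15 min.)")
EXPIRED = ("api error SignatureDoesNotMatch: Signature expired: "
           "20230126T150724Z is now earlier than 20230126T151006Z "
           "(20230126T152506Z - 15 min.)")
INVALID_TOKEN = ("api error InvalidClientTokenId: The security token "
                 "included in the request is invalid.")

TS = r"\d{8}T\d{6}Z"  # ISO 8601 basic format, UTC
SKEW_ERROR = re.compile(
    rf"Signature (?:not yet current|expired): (?P<signed>{TS}) "
    rf"is (?:still later|now earlier) than (?P<limit>{TS}) "
    rf"\((?P<service>{TS}) (?P<sign>[+-]) (?P<window>\d+) min\.\)"
)

def _utc(stamp):
    return datetime.strptime(stamp, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)

def clock_skew(error_text):
    """Return (skew, window), or None when the text is not a skew error.

    skew is positive when the signing host's clock runs ahead of the service.
    """
    # Collapse whitespace so messages wrapped by a terminal still match.
    m = SKEW_ERROR.search(" ".join(error_text.split()))
    if m is None:
        return None
    signed, limit, service = (_utc(m[k]) for k in ("signed", "limit", "service"))
    window = timedelta(minutes=int(m["window"]))
    # Sanity check: the limit must be the service time plus or minus the window.
    if limit != (service + window if m["sign"] == "+" else service - window):
        raise ValueError("timestamps in the message are inconsistent")
    return signed - service, window

def describe(error_text):
    result = clock_skew(error_text)
    if result is None:
        return "not a clock-skew error; check credentials, region and endpoint"
    skew, window = result
    direction = "ahead of" if skew > timedelta(0) else "behind"
    return f"local clock is {abs(skew)} {direction} the service (allowed: {window})"

if __name__ == "__main__":
    for text in (NOT_YET_CURRENT, EXPIRED, INVALID_TOKEN):
        print(describe(text))
```

A skew larger than the 15-minute window means new access keys will not help; the host clock has to be corrected, ideally by the system's NTP service (chronyd or systemd-timesyncd) rather than a one-off manual set.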
try run this cmd and see if the aws is set properly. |
the command is returning this error Update: this command worked for me |
I am using vault for my creds in my local machine but i am facing issue as well resource "vault_aws_secret_backend" "aws_keys" { Error: Any pointers will be really helpful |
Check your security credentials, access key and secret access key |
Hi
…On Fri, 27 Jan 2023, 03:35 Ejiroghene Laurel Dafe, ***@***.***> wrote:
I am using vault for my creds in my local machine but i am facing issue as
well
provider "vault" {
address = "http://localhost:8200"
}
resource "vault_aws_secret_backend" "aws_keys" {
path = "awscloud"
}
*Error: configuring Terraform AWS Provider: error validating provider
credentials: error calling sts:GetCallerIdentity: operation error STS:
GetCallerIdentity, https response error StatusCode: 403, RequestID:
5d1aaf50-55d9-4f3e-bc88-e297500b43f8, api error InvalidClientTokenId: The
security token included in the request is invalid. │ │ with
provider["registry.terraform.io/hashicorp/aws
<http://registry.terraform.io/hashicorp/aws>"], │ on main.tf
<http://main.tf> line 11, in provider "aws": │ 11: provider "aws" { │*
Any pointers will be really helpful
Check your security credentials, access key and secret access key
|
Hi @EjiroLaurelD / @Erastus420, I have checked and changed the creds to new ones (access key and secret key; not sure of the security credentials which you said). FYI: I am working on my Windows machine. |
the error is complaining about your security token, create a new vault token and try again |
I have the same issue and have changed my security token a hundred times
but it still doesn't work for me.
--
Kofi Ken
|
If that doesn't work, confirm if you have environment variables set, it takes precedence over what you have in vault. |
|
Try using terraform cloud to store your access and secret keys. After that
you won't need to include any keys on your terraform script
|
Hey I got similar error, please help. I used the configuration from Terraform repository: Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error |
Still the same error I provided with new set of keys
…On Wed, 8 Feb 2023, 13:25 vineeth2207, ***@***.***> wrote:
Hey I got similar error, please help. I used the configuration from Terraform
repository
<https://developer.hashicorp.com/terraform/tutorials/configuration-language/variables>
:
Error: error configuring Terraform AWS Provider: error validating provider
credentials: error calling sts:GetCallerIdentity: operation error
STS: GetCallerIdentity, exceeded maximum number of attempts, 9, https
response error StatusCode: 0, RequestID: , request send failed, Post "
https://sts.var.aws_region.amazonaws.com/": dial tcp: lookup
sts.var.aws_region.amazonaws.com: no such host
│
│ with provider["registry.terraform.io/hashicorp/aws"],
│ on main.tf line 1, in provider "aws":
│ 1: provider "aws" {
|
Try this code below and terraform plan after that. sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z" |
I ran the above code and still got an error message.
--
Kofi Ken
|
Follow the instructions in the comment below and run the code again before you run terraform plan |
Mine is a windows PC installed vault on windows
--
Thanks and Regards
Kowshik.G
|
aws configure helped me with this issue |
if aws configure or setting the time zone doesn't fix this issue then cross check your code. Configure the AWS Provider provider "aws" { |
you save my day @TomHowarth |
This command worked for me.. sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z" |
thanks man |
This issue was originally opened by @barath1406 as hashicorp/terraform#26001. It was migrated here as a result of the provider split. The original body of the issue is below.
Wrote a simple terraform script for EC2 Instance creation via assume role from provider file. Below are provider config content,
Provider File:
```hcl
provider "aws" {
  region     = "eu-west-1"
  access_key = "Access key value"
  secret_key = "secret key value"
  endpoints {
    sts = "https://sts.eu-west-1.amazonaws.com"
  }
  assume_role {
    role_arn     = "role_name value"
    session_name = "role_session_name"
  }
}
```
Version Details:
terraform-0.12.29
terraform-provider-aws_v2.70.0_x4
terraform-provider-aws_v3.0.0_x5
terraform-provider-consul_v2.8.0_x4
terraform-provider-external_v1.2.0_x4
terraform-provider-null_v2.1.2_x4
terraform-provider-template_v2.1.2_x4
The provided access and secret keys have the privilege for STS assume role. During terraform plan we are getting the error below; it mentions the "us-east-1" region and fails. But nowhere in the configuration are we pointing to "us-east-1". Could you please help me out here?
Error logs:
```
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: SignatureDoesNotMatch: Credential should be scoped to a valid region, not 'us-east-1'.
status code: 403, request id: xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxx

  on provider.tf line 1, in provider "aws":
   1: provider "aws" {
```
NOTE: We have manually generated the keys from the assume role and exported it to the environment variables, and AWS CLI commands are working fine, but however we are facing issue with the terraform plan.