serverless: Security Token Included In the Request is Invalid

Serverless Framework Version: 0.5.6
Operating System: Mac OS X 10.11.5
Expected Behavior:

Serverless to create resources for me at the start of a project

Actual Behavior:
Serverless: Deploying resources to stage "dev" in region "us-east-1" via Cloudformation (~3 minutes)...
/usr/local/lib/node_modules/serverless/node_modules/bluebird/js/release/async.js:61
        fn = function () { throw arg; };
                           ^

ServerlessError: ServerlessError: The security token included in the request is invalid

I’m using MFA with the following environment variables already available within the session:

$AWS_ACCESS_KEY_ID
$AWS_SECRET_ACCESS_KEY
$AWS_SESSION_TOKEN

So I understood that Serverless would pick those up?

I know the environment is working fine, because the AWS CLI tool works fine.

Stack-Trace (Optional):

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 23 (4 by maintainers)

Most upvoted comments

I had the same problem. I tried $ export AWS_PROFILE="default" command and resolved my issue.

+52
MrPeker on Apr 28, 2019

I had the same issue. Turns out I created a new access + secret key and then thought I deleted the old one, but instead deleted the one I just made, and was using the old access key in my ~/.aws/config and ~/.aws/credentials files

+7
bentedder on Sep 15, 2018

This is how I solved it. If you configured your serverless with a --profile flag like this:

sls config credentials --profile <PROFILE_NAME> --provider ... --key ... --secret ...

then this should solve it: export AWS_PROFILE="<PROFILE_NAME>"

If you didn’t specify a --profile then the default profile should work as MrPeker mentioned export AWS_PROFILE="default"

+4
iHani on Dec 10, 2019

I had the same problem. I tried $ export AWS_PROFILE="default" command and resolved my issue.

This was exactly my problem. Isn’t any solution that does not involve using environment variables for selecting the profile?

+3
danielo515 on Jan 10, 2020

I created an IAM policy to allow all actions of AWS CloudFormation and attached that policy to the user, and the problem was resolved.

+3
objecteer on Jul 13, 2016

I encountered the same issue and finally solved it by specifying in the serverless.yml the same region I had in my AWS webpage.

+2
nucccc on Feb 7, 2021

I had the same error in spite of using - Correct credentials with Proper permission. The --verbose was not providing anything extra.

So assuming:

  1. You have the correct credentials i.e Access Key ID and Secret.
  2. The IAM user associated with creds from #1 has the required permissions

Back-up your ~/.aws/credentials file.

Passing the credentials via Environment variables “export AWS_SECRET_ACCESS_KEY=” and “export AWS_ACCESS_KEY_ID=” - DID NOT WORK

Now configuring the credentials file with the same KEY and SECRET via “serverless config credentials --provider aws --key YOURKEY --secret YOURSECRET” – WORKED FINE

Now this would have created a new ~/.aws/credentials file, Update this file with any profile info from the backup you have.

No idea as to why it fails with the environment variables approach.

+2
Kiran01bm on May 14, 2019
Read more comments on GitHub
← serverless: schema validations for environment variables fail
serverless: Serverless + NodeJS v8.0 = error on sls deploy →