I have an account in us-gov-west-1 region. Inside the AWS console cloudshell, I'm trying to run aws-cli commands. It looks like IAM calls fail, but others work. Every time I'm trying to run a IAM command, I get the following error:
An error occurred (InvalidClientTokenId) when calling the ListUsers operation: The security token included in the request is invalid
See this screenshot:
r/aws - IAM cli commands having issues in gov? I tried:
- Logging in and out of the account several times.
- Delete AWS Cloudshell home directory and starting over.
- Creating a new role with admin permissions, assuming it and calling the commands. All providing the same error, for every iam command I tried to run. I also have another account in a standard region with similar configurations and everything works properly there. The user I'm logging to the console with had admin permissions.
Does anyone have any idea? is it something related to gov?
--debugto see if that provides useful info. Also, while I wouldn't expect that error, do you actually have IAM permissions? Or are you perhaps missing MFA information required for the IAM calls?--endpoint-url https://s3-fips.us-gov-west-1.amazonaws.com --region us-gov-west-1in your command.aws sts get-session-tokensupplying the MFA serial number and token code, which would get you STS credentials that you can then use to call IAM APIs.