Meaning
AWS rejected the request because the access key, session token, or credentials are invalid or belong to another account.
Causes
- Using the wrong access key or secret
- Expired or missing session token for temporary credentials
- Credentials from a different AWS account or region
Fixes
- Reconfigure credentials with the correct access key and secret
- Refresh temporary credentials (STS) and include the session token
- Verify the account and region used by the client
Example
The security token included in the request is invalid.
FAQ
- Does this mean my key is wrong?
Usually, yes. Recheck the key, secret, and session token. - Can an expired session token cause this?
Yes. Refresh temporary credentials and try again.
Contact
If you cannot resolve credentials, contact your AWS admin.