The security token included in the request is invalid

Hi All,

Love serverless and have been successfully deploying a few microservices with specific AWS credentials for a while (around 100 days I think) but today all the microservices are refusing to deploy with the following error…

Serverless: [AWS sts 403 0.374s 0 retries] getCallerIdentity({})

Serverless Error ---------------------------------------

ServerlessError: The security token included in the request is invalid.
at C:\snapshot\serverless\lib\plugins\aws\provider\awsProvider.js:1314:27
at runMicrotasks ()
at processTicksAndRejections (internal/process/task_queues.js:97:5)

Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com

Your Environment Information ---------------------------
Operating System: win32
Node Version: 12.18.1
Framework Version: 2.15.0 (standalone)
Plugin Version: 4.2.0
SDK Version: 2.3.2
Components Version: 3.4.3

I’m a bit stumped…

  1. It’s been working for a long time
  2. I don’t recall changing anything.
  3. the AWS cli works fine.
  4. I’ve tried creating a new API key and secret but that makes no difference.
  5. This started happening on all microservices on the same account at once.

Most of the research suggests that I’m using the wrong credentials but I’m definitely not. AWS credentials are definitely configured and have been in use for a while… I’ve got a number of profiles. I’ve double-checked.

It feels like something has expired (cert maybe?), but I’m a bit stumped as to how to debug it. Any thoughts or experience on this one?

Thanks :slight_smile:

This is the full debug btw…

$ SLS_DEBUG=* sls deploy
Serverless: Load command interactiveCli
Serverless: Load command config
Serverless: Load command config:credentials
Serverless: Load command create
Serverless: Load command install
Serverless: Load command package
Serverless: Load command deploy
Serverless: Load command deploy:function
Serverless: Load command deploy:list
Serverless: Load command deploy:list:functions
Serverless: Load command invoke
Serverless: Load command invoke:local
Serverless: Load command info
Serverless: Load command logs
Serverless: Load command metrics
Serverless: Load command print
Serverless: Load command remove
Serverless: Load command rollback
Serverless: Load command rollback:function
Serverless: Load command slstats
Serverless: Load command plugin
Serverless: Load command plugin
Serverless: Load command plugin:install
Serverless: Load command plugin
Serverless: Load command plugin:uninstall
Serverless: Load command plugin
Serverless: Load command plugin:list
Serverless: Load command plugin
Serverless: Load command plugin:search
Serverless: Load command config
Serverless: Load command config:credentials
Serverless: Load command rollback
Serverless: Load command rollback:function
Serverless: Load command upgrade
Serverless: Load command uninstall
Serverless: Load command create
Serverless: Load command create:test
Serverless: Load command create:function
Serverless: Load command invoke
Serverless: Load command invoke:test
Serverless: Load command create_domain
Serverless: Load command delete_domain
Serverless: Load command s3sync
Serverless: Load command s3sync:bucket
Serverless: Load command login
Serverless: Load command logout
Serverless: Load command generate-event
Serverless: Load command test
Serverless: Load command dashboard
Serverless: Load command output
Serverless: Load command output:get
Serverless: Load command output:list
Serverless: Load command param
Serverless: Load command param:get
Serverless: Load command param:list
Serverless: Load command studio
platform-sdk fetching: POST https://api.serverless.com/core/tenants/<HIDDEN>/applications/<HIDDEN>-service/profileValue
Serverless: Invoke deploy
Serverless: Invoke package
Serverless: Invoke aws:common:validate
Serverless: Invoke aws:common:cleanupTempDir
platform-sdk fetching: GET https://api.serverless.com/core/meta
platform-sdk fetching: GET https://api.serverless.com/core/tenants/<HIDDEN>/applications/<HIDDEN>-service
platform-sdk fetching: GET https://api.serverless.com/core/meta
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Invoke aws:package:finalize
AWS Pseudo Parameters
Skipping automatic replacement of regions with account region!
AWS Pseudo Parameter: Resources::AddCommentsLambdaFunction::Properties::Environment::Variables::AWS_ACCOUNT_ID Replaced AWS::AccountId with ${AWS::AccountId}
AWS Pseudo Parameter: Resources::GetCommentsLambdaFunction::Properties::Environment::Variables::AWS_ACCOUNT_ID Replaced AWS::AccountId with ${AWS::AccountId}
AWS Pseudo Parameter: Resources::CheckCommentExistsLambdaFunction::Properties::Environment::Variables::AWS_ACCOUNT_ID Replaced AWS::AccountId with ${AWS::AccountId}
AWS Pseudo Parameter: Resources::UpdateCommentLambdaFunction::Properties::Environment::Variables::AWS_ACCOUNT_ID Replaced AWS::AccountId with ${AWS::AccountId}
AWS Pseudo Parameter: Resources::GetCommentLambdaFunction::Properties::Environment::Variables::AWS_ACCOUNT_ID Replaced AWS::AccountId with ${AWS::AccountId}
AWS Pseudo Parameter: Resources::RemoveCommentLambdaFunction::Properties::Environment::Variables::AWS_ACCOUNT_ID Replaced AWS::AccountId with ${AWS::AccountId}
AWS Pseudo Parameter: Resources::AddCommentLambdaFunction::Properties::Environment::Variables::AWS_ACCOUNT_ID Replaced AWS::AccountId with ${AWS::AccountId}
AWS Pseudo Parameter: Resources::TestFunctionLambdaFunction::Properties::Environment::Variables::AWS_ACCOUNT_ID Replaced AWS::AccountId with ${AWS::AccountId}
Serverless: [AWS sts 403 0.377s 0 retries] getCallerIdentity({})

  Serverless Error ---------------------------------------

  ServerlessError: The security token included in the request is invalid.
      at C:\snapshot\serverless\lib\plugins\aws\provider\awsProvider.js:1314:27
      at runMicrotasks (<anonymous>)
      at processTicksAndRejections (internal/process/task_queues.js:97:5)

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Issues:        forum.serverless.com

  Your Environment Information ---------------------------
     Operating System:          win32
     Node Version:              12.18.1
     Framework Version:         2.15.0 (standalone)
     Plugin Version:            4.2.0
     SDK Version:               2.3.2
     Components Version:        3.4.3

I was pulling my hair out on this but have finally resolved it…

For anyone that hits this problem in future… the issue was actually with the provider settings on the serverless dashboard… for some reason (I’m not sure why) but provider in

https://app.serverless.com/MYCOMPANY/apps/SERVICE/SERVICE/settings/providers

…was changed to old AWS credentials.

I updated the key and secret there and le’viola all microservices now deploy again! Phew.

3 Likes

THIS IS THE WAY :mandalorian-emoji-here

I followed your advice and it worked out! :raised_hands:

What I am sad about is that I couldn’t make it work using the credentials file in the .aws folder.
Saying that because, in the very beginning when I was setting up my laptop, I first set up the AWS credentials and then set up the Serverless Framework credentials and everything was just working.
Then I did something and it all broke. :smile:

Cheers, @markcastle!