Skip to content
Technology

InvalidClientTokenId Error Due to Client/Region Signature Version Mismatch

July 23, 2019

If you ever see this message from an AWS client call:

Type: Sender, Code: InvalidClientTokenId, Message: The security token included in the request is invalid

you want to check for any and all access issues (googling told me so). Confirm that the correct authentication is set up, whether via role, environment variable, config file or anything else.

But what caught me up today was that I was using a library that only supported Signature v2. I was trying to connect to an AWS region that only supported Signature v4. As soon as I connected to an older AWS region, the error message went away.

Here are some relevant docs about which regions and services support v2. If it isn’t on that list, you have to use v4.

Culture Foundry is a digital experience agency that helps our clients elevate their impact with beautiful technology. We provide the expertise and insight at every layer that makes a great digital experience for websites and applications possible. If you're committed to elevating your digital experience, contact us and we'd be happy to schedule a chat to see if we're a fit.

(Psst! We also happen to be a great place to work.)

Cultivate

Join the Culture Foundry Community

Even if you’re not ready to make the leap yet, you’ll find our community to be a helpful source of key insights and advice to help you learn more about how to thrive in digital. All are welcome.

Join the Community