EC2 API Error validating access credential

aws was not able to validate the provided access credentials boto3
aws credentials
aws was not able to validate the provided access credentials lambda
aws was not able to validate the provided access credentials servicenow
aws credential client
generate aws credentials
aws cli test credentials
aws cli credentials

I installed the ec2 api following the amazon guide. I setted up the access id and secret as environment variable.

Here it is my profile:

export AWS_ACCESS_KEY=XXXXX

export AWS_SECRET_KEY=XXXXXX

export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre

export EC2_HOME=/usr/local/ec2/ec2-api-tools-1.7.1.0

export PATH=$PATH:$EC2_HOME/bin

Everythings looks configured as asked, but i can't connect to aws.

Here the output of the command ec2-describe-regions in verbose mode:

Client.AuthFailure: AWS was not able to validate the provided access credentials
ubuntu@ip:~$ ec2dre -v
Setting User-Agent to [ec2-api-tools 1.7.1.0]
2014-07-14 19:10:34,898 [main] DEBUG org.apache.http.wire  - >> "POST / HTTP/1.1[\r][\n]"
2014-07-14 19:10:34,912 [main] DEBUG org.apache.http.wire  - >> "Host: ec2.amazonaws.com[\r][\n]"
2014-07-14 19:10:34,912 [main] DEBUG org.apache.http.wire  - >> "X-Amz-Date: 20140714T191033Z[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Authorization: AWS4-HMAC-SHA256 Credential=AKIAIT64V5MH2HHF5QZQ/20140714/us-east-1/ec2/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=06920c7d37a24d8244feb630d87310238886294d3ae2ab40f68a362a799d9a62[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "User-Agent: ec2-api-tools 1.7.1.0, aws-sdk-java/unknown-version Linux/3.2.0-36-virtual OpenJDK_64-Bit_Server_VM/24.51-b03[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Content-Type: application/x-www-form-urlencoded; charset=utf-8[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Content-Length: 41[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Connection: Keep-Alive[\r][\n]"
2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "[\r][\n]"
2014-07-14 19:10:34,914 [main] DEBUG org.apache.http.wire  - >> "Action=DescribeRegions&Version=2014-06-15"
2014-07-14 19:10:34,984 [main] DEBUG org.apache.http.wire  - << "HTTP/1.1 401 Unauthorized[\r][\n]"
2014-07-14 19:10:35,002 [main] DEBUG org.apache.http.wire  - << "Transfer-Encoding: chunked[\r][\n]"
2014-07-14 19:10:35,003 [main] DEBUG org.apache.http.wire  - << "Date: Mon, 14 Jul 2014 19:18:34 GMT[\r][\n]"
2014-07-14 19:10:35,003 [main] DEBUG org.apache.http.wire  - << "Server: AmazonEC2[\r][\n]"
2014-07-14 19:10:35,010 [main] DEBUG org.apache.http.wire  - << "[\r][\n]"
2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire  - << "fe[\r][\n]"
2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire  - << "<?xml version="1.0" encoding="UTF-8"?>[\n]"
2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire  - << "<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>cd2b128b-3d70-425b-a8a7-4856fd9a6b99</RequestID></Response>"
2014-07-14 19:10:35,278 [main] DEBUG org.apache.http.wire  - << "[\r][\n]"
2014-07-14 19:10:35,279 [main] DEBUG org.apache.http.wire  - << "0[\r][\n]"
2014-07-14 19:10:35,279 [main] DEBUG org.apache.http.wire  - << "[\r][\n]"
Client.AuthFailure: AWS was not able to validate the provided access credentials
Request ID: cd2b128b-3d70-425b-a8a7-4856fd9a6b99

Check that the server clock is synchronized.

If the clock is delayed, can cause this error:

AWS was not able to validate the provided access credentials

EC2 API Error validating access credential, There is a simple solution. Check whether your clock is synchronized. If not, you will receive this error: AWS was not able to validate the  I installed the ec2 API following the Amazon guide. I set up the access id and credentials Request ID: cd2b128b-3d70-425b-a8a7-4856fd9a6b99


I ran into this issue when my system clock was set falsely.

In my case the clock was running ahead by two hours.

Equally important is to put the commands in your .bashrc or similar file (.bash_aliases):

export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXX"
export AWS_SECRET_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

When there run source ~/.bashrc

The reason for the importance of this is that when running an ec2 command new shell instances are created that doesn't get the environment variables otherwise.

AWS was not able to validate the provided access credentials, I assumed an AWS Identity and Access Management (IAM) role and my API call returned an error similar to the following: "An error occurred  The incorrect SSL certificate validation reported in EC2 and ELB API tools could potentially allow a man-in-the-middle attacker to read, but not successfully modify, signed AWS REST/Query requests intended for secure (HTTPS) EC2 or ELB API endpoints. These issues do not allow an attacker to access customer instances or manipulate customer data.


Run aws s3 ls to confirm whether the error is related to time sync. You should get the error like:

An error occurred (RequestTimeTooSkewed) when calling the ListBuckets operation: The difference between the request time and the current time is too large.

If so, try to sync your datetime as suggested.

Example shell commands on Linux to do that:

# Install the ntpdate client for setting system time from NTP servers.
sudo apt-get --yes install ntpdate
sudo ntpdate 0.amazon.pool.ntp.org

Then re-try your aws command again.


If the timezone is still not correct, run: sudo dpkg-reconfigure tzdata to configure it, or by:

timedatectl list-timezones
timedatectl set-timezone 'Europe/London'

See also: Configure localtime. dpkg-reconfigure tzdata.

Error Codes - Amazon Elastic Compute Cloud, Amazon EC2 has two types of error codes: AuthFailure, The provided credentials could not be validated. You may For more information, see Controlling Access. see DecodeAuthorizationMessage in the AWS Security Token Service API  I installed the ec2 api following the amazon guide. I setted up the access id and secret as environment variable. Here it is my profile: export AWS_ACCESS_KEY=XXXXX


AWS CLI was working fine for me but all of a sudden it started failing with the following error

A client error (AuthFailure) occurred when calling the DescribeTags operation: AWS was not able to validate the provided access credentials

Tried with a new set of credentials, however that did not help.

It worked only after stop-start was performed on the EC2 instance (reboot might have also worked). Hence, it appears to be an issue with the particular EC2 instance from where the aws cli was executed.

AuthFailure => AWS was not able to validate the provided access , Please report this as a bug: AuthFailure => AWS was not able able to validate the provided access credentials (Fog::Compute::AWS::Error). تصدير EC2_HOME = / usr / local / ec2 / ec2-api-tools-1.7.1.0 . تصدير PATH = $ PATH: $ EC2_HOME / bin . يبدو تكوين كل شيء كما هو مطلوب ، ولكن لا يمكنني الاتصال aws. هنا خرج الأمر ec2-describ-zones في وضع verbose:


I had a similar issue. The clock on my local server was off. I corrected it with the following command.

sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z"

Then, aws worked.

Error during AWS Discovery: AWS was not able to validate the , Cloud AWS Discovery was failing with Authentication errors though it is validated AWS was not able to validate the provided access credentials thread #4 - ProducerTemplate *** Script: Creating AWS API Client for : ec2 Code is pretty simple – we aren’t doing much, just validating the incoming token, calling the EC2 API, and returning the state transition result (e.g. running → stopping) back to the caller as confirmation; e.g. it will appear in the our client’s browser window.


AuthFailure: AWS was not able to validate the provided access, Create new AWS access key via steps in section Set Your AWS Credentials as Environment Variables for Use by Cluster API of this doc. Record  The only way I know of to receive this error is if the credentials are actually invalid for some reason. Perhaps they have been copied incorrectly or perhaps your account is not fully activated. If the problem was that the credentials are valid but they simply don't have access to the resources, you would get a 403 error rather than a 401.


Credentials, AWS_ACCESS_KEY_ID: The access key for your AWS account. Subsequent boto3 API calls will use the cached temporary credentials until they expire, using a client, the parameters you provide are run through a set of validation checks This includes a standard set of errors that are retried as well as support for retry  Client errors.These errors are usually caused by something the client did, such as specifying an incorrect or invalid parameter in the request, or using an action or resource on behalf of a user that doesn't have permission to use the action or resource.


An error occurred (AuthFailure) when calling the DescribeInstances , An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials. [ec2-user@ip-172-31-25-24 ~]$ puppet node_aws list --region eu-central-1 Error: AuthFailure => AWS was not able to validate the provided access credentials Error: Try 'puppet help node_aws list' for usage [ec2-user@ip-172-31-25-24 ~]$ any idea ? found nothing on google. thanks, -Jerry