aws-vault fails with InvalidClientTokenId: The security token included in the request is invalid
│ Error: error reading IAM Role (rds-enhanced-monitoring-dev-db): InvalidClientTokenId: The security token included in the request is invalid
│ status code: 403, request id: d09fe380-0c00-4485-9aeb-1e58740fdcb3
The answer was here:
I’ve encountered the same problem. It’s caused by the AWS API restrictions, which won’t allow you to touch IAM-related APIs using an account with MFA enabled unless you pass the MFA token within the request. The workaround is to call:
$ aws-vault exec admin-iam --no-session -- your_command
It won’t use temporary credentials then. I know that’s not a perfect solution, but it works ;)
It seems there are tokens that are not accepted without MFA authentication; as a temporary workaround, adding the --no-session option made the call go through.
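
An alternative to --no-session, as an added example that is not from the original post or the quoted answer: setting mfa_serial on the profile in ~/.aws/config makes aws-vault prompt for an MFA code and request the session with it, so IAM calls are accepted while the subprocess still receives temporary credentials rather than the long-lived key. The account ID, user name and region below are placeholders; admin-iam is the profile name from the quoted command.

```ini
# ~/.aws/config
[profile admin-iam]
# Placeholder region: use the one the profile normally works in
region = us-east-1
# Placeholder ARN: replace with the MFA device registered for this IAM user
mfa_serial = arn:aws:iam::123456789012:mfa/your-user
```

With this in place, `aws-vault exec admin-iam -- your_command` asks for the MFA code before starting the command.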