skip to Main Content
InvalidClientTokenId error due to client/region signature version mismatch
Director of Engineering
July 23 2019

If you ever see this message from an AWS client call:

Type: Sender, Code: InvalidClientTokenId, Message: The security token included in the request is invalid

you want to check for any and all access issues (googling told me so). Confirm that the correct authentication is set up, whether via role, environment variable, config file or anything else.

But what caught me up today was that I was using a library that only supported Signature v2. I was trying to connect to an AWS region that only supported Signature v4. As soon as I connected to an older AWS region, the error message went away.

Here are some relevant docs about which regions and services support v2. If it isn’t on that list, you have to use v4.

Culture Foundry is a next-level digital agency that helps you thrive in digital. We build, evolve and support websites and applications for clients who are graduating to the next level of complexity in their digital ventures. Our uncommon strengths are headless CMS architectures, design systems and 24/7 support. If you're not thriving in digital, you can be: Contact us to learn more.

(Psst! We also happen to be a great place to work.)

Back To Top