Skip to content
InvalidClientTokenId Error Due to Client/Region Signature Version Mismatch
July 23 2019

If you ever see this message from an AWS client call:

Type: Sender, Code: InvalidClientTokenId, Message: The security token included in the request is invalid

you want to check for any and all access issues (googling told me so). Confirm that the correct authentication is set up, whether via role, environment variable, config file or anything else.

But what caught me up today was that I was using a library that only supported Signature v2. I was trying to connect to an AWS region that only supported Signature v4. As soon as I connected to an older AWS region, the error message went away.

Here are some relevant docs about which regions and services support v2. If it isn’t on that list, you have to use v4.

Culture Foundry is a digital experience agency that helps our clients elevate their impact with beautiful technology. We provide the expertise and insight at every layer that makes a great digital experience for websites and applications possible. If you're committed to elevating your digital experience, contact us and we'd be happy to schedule a chat to see if we're a fit.

(Psst! We also happen to be a great place to work.)

Back To Top