skip to Main Content
Technology
InvalidClientTokenId error due to client/region signature version mismatch
Director of Engineering
July 23 2019

If you ever see this message from an AWS client call:

Type: Sender, Code: InvalidClientTokenId, Message: The security token included in the request is invalid

you want to check for any and all access issues (googling told me so). Confirm that the correct authentication is set up, whether via role, environment variable, config file or anything else.

But what caught me up today was that I was using a library that only supported Signature v2. I was trying to connect to an AWS region that only supported Signature v4. As soon as I connected to an older AWS region, the error message went away.

Here are some relevant docs about which regions and services support v2. If it isn’t on that list, you have to use v4.

Back To Top
×Close search
Search