How to fix The security token included in the request is invalid error for Static Credentials in AWS Auth?

Hi everyone, I'm currently facing an issue with AWS Authentication (v.2.1.0) + Amazon DynamoDB Connector (v.1.0.1) where I can't use the Static Credentials for a simple ListTables Java Action use (and other actions as well): The error I'm getting is: The security token included in the request is invalid. (Service: DynamoDb, Status Code: 400.   I have already checked the Access Key ID and the Secret access key values with AWS CLI to confirm that they work (with AWS Session Token, as this is required for the credentials) and they do work. The problem seems to be that in the Static Credentials way of authenticating there's no way of providing the AWS Session Token that I have in AWS to provide the access to the account. As seen below, only Access key ID and Secret access key is required in the Static Credentials: Is there anything else that I'm missing for using the Static Credentials and solving the error message that I'm getting?
1 answers

Hi Oswaldo,


I'm Trong, a developer with the AWS development team at Mendix.


It sounds like the main issue here is integrating the AWS session token with the credential set in the AWS Authentication. From what you've mentioned, it's clear that you've already confirmed the access key and the secret access key are working as expected with the AWS CLI, provided the AWS Session Token is included.

To address your concern, if I understand correctly, you already have a session token generated, right? With the AWS Authentication module, you should still be able to authenticate with the Credentials object. Here's a suggested approach:

  1. Manually create the Credentials object (AWSAuthentication.Credentials).
  2. Set your access key in the AccessKeyId attribute and your secret key in the SecretAccessKey attribute.
  3. Set the Provider attribute to AWSAuthentication.CredentialsProvider.Session.
  4. Additionally, create a SessionToken object (AWSAuthentication.SessionToken) and input your session token in the Token attribute.
  5. Don't forget to set the association Credentials_SessionToken on the object you created second in the order of the microflow's execution (following this step-by-step it would be the SessionToken object).

I hope this method clears up the authentication issue you're facing. If you run into any more challenges or need further clarification, please don't hesitate to respond to this thread, I'll be sure to keep an eye out.