aws cli: invalid security token on my local windows - amazon-web-services

I try to connect by aws cli from my laptop which has windows. I create access key and secret key by IAM on root use several times and use aws configure to set them, but I still get invalid token error. I know that my credential is set because when I run aws configure it shows up. The below is the log. Thanks for help.
PS C:\WINDOWS\system32> aws configure
AWS Access Key ID [****************PAPA]:
AWS Secret Access Key [****************vXOi]:
Default region name [us-east-1]:
Default output format [json]:
PS C:\WINDOWS\system32> aws lambda list-functions --debug
2019-01-27 15:14:36,022 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/1.16.96 Python/3.7.2 Windows/10 botocore/1.12.86
2019-01-27 15:14:36,023 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['lambda', 'list-functions', '--debug']
2019-01-27 15:14:36,023 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_scalar_parsers at 0x000001A242791488>
2019-01-27 15:14:36,023 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x000001A242288620>
2019-01-27 15:14:36,023 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x000001A2422C47B8>
2019-01-27 15:14:36,025 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x000001A2425087B8>
2019-01-27 15:14:36,026 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\data\lambda\2015-03-31\service-2.json
2019-01-27 15:14:36,029 - MainThread - botocore.hooks - DEBUG - Event service-data-loaded.lambda: calling handler <function register_retries_for_service at 0x000001A241FBED08>
2019-01-27 15:14:36,029 - MainThread - botocore.handlers - DEBUG - Registering retry handlers for service: lambda
2019-01-27 15:14:36,030 - MainThread - botocore.hooks - DEBUG - Event building-command-table.lambda: calling handler <function add_waiters at 0x000001A24279B950>
2019-01-27 15:14:36,065 - MainThread - awscli.clidriver - DEBUG - OrderedDict([('master-region', <awscli.arguments.CLIArgument object at 0x000001A242921B00>), ('function-version', <awscli.arguments.CLIArgument object at 0x000001A242921B38>), ('marker', <awscli.arguments.CLIArgument object at 0x000001A242921C50>), ('max-items', <awscli.arguments.CLIArgument object at 0x000001A242921BA8>)])
2019-01-27 15:14:36,065 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.lambda.list-functions: calling handler <function add_streaming_output_arg at 0x000001A242791730>
2019-01-27 15:14:36,065 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.lambda.list-functions: calling handler <function add_cli_input_json at 0x000001A2422C4EA0>
2019-01-27 15:14:36,066 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.lambda.list-functions: calling handler <function unify_paging_params at 0x000001A24271B9D8>
2019-01-27 15:14:36,103 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\data\lambda\2015-03-31\paginators-1.json
2019-01-27 15:14:36,104 - MainThread - awscli.customizations.paginate - DEBUG - Modifying paging parameters for operation: ListFunctions
2019-01-27 15:14:36,104 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.lambda.list-functions: calling handler <function add_generate_skeleton at 0x000001A2426F78C8>
2019-01-27 15:14:36,105 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.lambda.list-functions: calling handler <bound method OverrideRequiredArgsArgument.override_required_args of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x000001A242921CF8>>
2019-01-27 15:14:36,105 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.lambda.list-functions: calling handler <bound method GenerateCliSkeletonArgument.override_required_args of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x000001A242930208>>
2019-01-27 15:14:36,105 - MainThread - botocore.hooks - DEBUG - Event operation-args-parsed.lambda.list-functions: calling handler functools.partial(<function check_should_enable_pagination at 0x000001A24271BAE8>, ['marker', 'max-items'], {'max-items': <awscli.arguments.CLIArgument object at 0x000001A242921BA8>}, OrderedDict([('master-region', <awscli.arguments.CLIArgument object at 0x000001A242921B00>), ('function-version', <awscli.arguments.CLIArgument object at 0x000001A242921B38>), ('marker', <awscli.arguments.CLIArgument object at 0x000001A242921C50>), ('max-items', <awscli.customizations.paginate.PageArgument object at 0x000001A242930128>), ('cli-input-json', <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x000001A242921CF8>), ('starting-token', <awscli.customizations.paginate.PageArgument object at 0x000001A242921D68>), ('page-size', <awscli.customizations.paginate.PageArgument object at 0x000001A242930080>), ('generate-cli-skeleton', <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x000001A242930208>)]))
2019-01-27 15:14:36,106 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.master-region: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,106 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.function-version: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,106 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.marker: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,107 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.max-items: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,107 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.cli-input-json: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,107 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.starting-token: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,108 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.page-size: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,108 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.lambda.list-functions.generate-cli-skeleton: calling handler <awscli.paramfile.URIArgumentHandler object at 0x000001A24286CF60>
2019-01-27 15:14:36,108 - MainThread - botocore.hooks - DEBUG - Event calling-command.lambda.list-functions: calling handler <bound method CliInputJSONArgument.add_to_call_parameters of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x000001A242921CF8>>
2019-01-27 15:14:36,108 - MainThread - botocore.hooks - DEBUG - Event calling-command.lambda.list-functions: calling handler <bound method GenerateCliSkeletonArgument.generate_json_skeleton of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x000001A242930208>>
2019-01-27 15:14:36,109 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2019-01-27 15:14:36,109 - MainThread - botocore.credentials - INFO - Found credentials in environment variables.
2019-01-27 15:14:36,110 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\data\endpoints.json
2019-01-27 15:14:36,112 - MainThread - botocore.hooks - DEBUG - Event choose-service-name: calling handler <function handle_service_name_alias at 0x000001A241F990D0>
2019-01-27 15:14:36,113 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.lambda: calling handler <function add_generate_presigned_url at 0x000001A241F58F28>
2019-01-27 15:14:36,117 - MainThread - botocore.args - DEBUG - The s3 config key is not a dictionary type, ignoring its value of: None
2019-01-27 15:14:36,119 - MainThread - botocore.endpoint - DEBUG - Setting lambda timeout as (60, 60)
2019-01-27 15:14:36,120 - MainThread - botocore.client - DEBUG - Registering retry handlers for service: lambda
2019-01-27 15:14:36,121 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.lambda.ListFunctions: calling handler <function generate_idempotent_uuid at 0x000001A241FBE6A8>
2019-01-27 15:14:36,121 - MainThread - botocore.hooks - DEBUG - Event before-call.lambda.ListFunctions: calling handler <function inject_api_version_header_if_needed at 0x000001A241FC1598>
2019-01-27 15:14:36,121 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListFunctions) with params: {'url_path': '/2015-03-31/functions/', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'aws-cli/1.16.96 Python/3.7.2 Windows/10 botocore/1.12.86'}, 'body': b'', 'url': 'https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/', 'context': {'client_region': 'us-east-1', 'client_config': <botocore.config.Config object at 0x000001A242A2BAC8>, 'has_streaming_input': False, 'auth_type': None}}
2019-01-27 15:14:36,122 - MainThread - botocore.hooks - DEBUG - Event request-created.lambda.ListFunctions: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x000001A242A2BA90>>
2019-01-27 15:14:36,122 - MainThread - botocore.hooks - DEBUG - Event choose-signer.lambda.ListFunctions: calling handler <function set_operation_specific_signer at 0x000001A241FBE598>
2019-01-27 15:14:36,123 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2019-01-27 15:14:36,123 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
GET
/2015-03-31/functions/
host:lambda.us-east-1.amazonaws.com
x-amz-date:20190127T211436Z
host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2019-01-27 15:14:36,123 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20190127T211436Z
20190127/us-east-1/lambda/aws4_request
ce9b2c421afea074503fa22c16a82ef192791150d3fd511cc69409b18f20f300
2019-01-27 15:14:36,123 - MainThread - botocore.auth - DEBUG - Signature:
8d4a2a782be3622cc0ecac9e69eabb786feb7126f38851c10314155944fe359a
2019-01-27 15:14:36,124 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/, headers={'User-Agent': b'aws-cli/1.16.96 Python/3.7.2 Windows/10 botocore/1.12.86', 'X-Amz-Date': b'20190127T211436Z', 'Authorization': b'AWS4-HMAC-SHA256 Credential=AKIAIAC5Q6NZD6TIRSKQ/20190127/us-east-1/lambda/aws4_request, SignedHeaders=host;x-amz-date, Signature=8d4a2a782be3622cc0ecac9e69eabb786feb7126f38851c10314155944fe359a'}>
2019-01-27 15:14:36,124 - MainThread - urllib3.util.retry - DEBUG - Converted retries value: False -> Retry(total=False, connect=None, read=None, redirect=0, status=None)
2019-01-27 15:14:36,124 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): lambda.us-east-1.amazonaws.com:443
2019-01-27 15:14:36,445 - MainThread - urllib3.connectionpool - DEBUG - https://lambda.us-east-1.amazonaws.com:443 "GET /2015-03-31/functions/ HTTP/1.1" 403 68
2019-01-27 15:14:36,446 - MainThread - botocore.parsers - DEBUG - Response headers: {'Date': 'Sun, 27 Jan 2019 21:14:37 GMT', 'Content-Type': 'application/json', 'Content-Length': '68', 'Connection': 'keep-alive', 'x-amzn-RequestId': '8d5f8d34-2278-11e9-b7ef-bd100b83dc62', 'x-amzn-ErrorType': 'UnrecognizedClientException'}
2019-01-27 15:14:36,447 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"message":"The security token included in the request is invalid."}'
2019-01-27 15:14:36,448 - MainThread - botocore.hooks - DEBUG - Event needs-retry.lambda.ListFunctions: calling handler <botocore.retryhandler.RetryHandler object at 0x000001A242911630>
2019-01-27 15:14:36,448 - MainThread - botocore.retryhandler - DEBUG - No retry needed.
2019-01-27 15:14:36,450 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 207, in main
return command_table[parsed_args.command](remaining, parsed_args)
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 348, in __call__
return command_table[parsed_args.operation](remaining, parsed_globals)
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 520, in __call__
call_parameters, parsed_globals)
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 641, in invoke
self._display_response(operation_name, response, parsed_globals)
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\clidriver.py", line 661, in _display_response
formatter(command_name, response)
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\awscli\formatter.py", line 69, in __call__
response_data = response.build_full_result()
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\paginate.py", line 449, in build_full_result
for response in self:
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\paginate.py", line 255, in __iter__
response = self._make_request(current_kwargs)
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\paginate.py", line 332, in _make_request
return self._method(**current_kwargs)
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "C:\Users\navid\AppData\Local\Programs\Python\Python37\lib\site-packages\botocore\client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the ListFunctions operation: The security token included in the request is invalid.
2019-01-27 15:14:36,451 - MainThread - awscli.clidriver - DEBUG - Exiting with rc 255
An error occurred (UnrecognizedClientException) when calling the ListFunctions operation: The security token included in the request is invalid.


There are a number of ways that you can provide credentials to the awscli, and they are evaluated in the following order:
command line options
environment variables
awscli credentials file
awscli config file
container credentials
instance profile credentials
By running aws configure you have configured a set of credentials for option #3.
However, in the debug output that you shared with us, you can see:
INFO - Found credentials in environment variables.
This suggests that the awscli found credentials in your environment (via environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and possibly AWS_SESSION_TOKEN). This is option #2 above, which trumps option #3. This also explains why the error you are seeing is "The security token included in the request is invalid."
So, your configured credentials are being overridden by environment credentials. Remove the credentials from your environment, and then re-run the awscli.

Related

aws ecr get-login-password --debug ('String does not contain a date:', '')

I have 2 similar hosts, one of them can connect to ecr, the second one no. About the configuration, i checked everything... can't understand where is the problem
Tower:~$aws ecr get-login-password --debug 2022-10-10 20:23:39,188 -
MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.8.2
Python/3.9.11 Linux/5.14.0-1051-oem exe/x86_64.ubuntu.20 2022-10-10
20:23:39,188 - MainThread - awscli.clidriver - DEBUG - Arguments
entered to CLI: ['ecr', 'get-login-password', '--debug'] 2022-10-10
20:23:39,195 - MainThread - botocore.hooks - DEBUG - Event
building-command-table.main: calling handler <function add_s3 at
0x7fb843eebaf0> 2022-10-10 20:23:39,195 - MainThread - botocore.hooks
DEBUG - Event building-command-table.main: calling handler <function add_ddb at 0x7fb844045940> 2022-10-10 20:23:39,195 - MainThread -
botocore.hooks - DEBUG - Event building-command-table.main: calling
handler <bound method BasicCommand.add_command of <class
'awscli.customizations.configure.configure.ConfigureCommand'>>
2022-10-10 20:23:39,195 - MainThread - botocore.hooks - DEBUG - Event
building-command-table.main: calling handler <function change_name at
0x7fb8440e8a60> 2022-10-10 20:23:39,195 - MainThread - botocore.hooks
DEBUG - Event building-command-table.main: calling handler <function change_name at 0x7fb8440ecb80> 2022-10-10 20:23:39,195 - MainThread -
botocore.hooks - DEBUG - Event building-command-table.main: calling
handler <function alias_opsworks_cm at 0x7fb843e7f4c0> 2022-10-10
20:23:39,195 - MainThread - botocore.hooks - DEBUG - Event
building-command-table.main: calling handler <function
add_history_commands at 0x7fb844014550> 2022-10-10 20:23:39,195 -
MainThread - botocore.hooks - DEBUG - Event
building-command-table.main: calling handler <bound method
BasicCommand.add_command of <class
'awscli.customizations.devcommands.CLIDevCommand'>> 2022-10-10
20:23:39,195 - MainThread - botocore.hooks - DEBUG - Event
building-command-table.main: calling handler <function add_waiters at
0x7fb843e78700> 2022-10-10 20:23:39,195 - MainThread -
botocore.loaders - DEBUG - Loading JSON file:
/usr/local/aws-cli/v2/2.8.2/dist/awscli/data/cli.json 2022-10-10
20:23:39,197 - MainThread - botocore.hooks - DEBUG - Event
top-level-args-parsed: calling handler <function resolve_types at
0x7fb843f454c0> 2022-10-10 20:23:39,197 - MainThread - botocore.hooks
DEBUG - Event top-level-args-parsed: calling handler <function no_sign_request at 0x7fb843f49040> 2022-10-10 20:23:39,197 -
MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed:
calling handler <function resolve_verify_ssl at 0x7fb843f45f70>
2022-10-10 20:23:39,197 - MainThread - botocore.hooks - DEBUG - Event
top-level-args-parsed: calling handler <function
resolve_cli_read_timeout at 0x7fb843f49160> 2022-10-10 20:23:39,197 -
MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed:
calling handler <function resolve_cli_connect_timeout at
0x7fb843f490d0> 2022-10-10 20:23:39,197 - MainThread - botocore.hooks
DEBUG - Event top-level-args-parsed: calling handler <built-in method update of dict object at 0x7fb843e1aa40> 2022-10-10
20:23:39,197 - MainThread - awscli.clidriver - DEBUG - CLI version:
aws-cli/2.8.2 Python/3.9.11 Linux/5.14.0-1051-oem exe/x86_64.ubuntu.20
prompt/off 2022-10-10 20:23:39,197 - MainThread - awscli.clidriver -
DEBUG - Arguments entered to CLI: ['ecr', 'get-login-password',
'--debug'] 2022-10-10 20:23:39,198 - MainThread - botocore.hooks -
DEBUG - Event session-initialized: calling handler <function
add_timestamp_parser at 0x7fb843e70160> 2022-10-10 20:23:39,198 -
MainThread - botocore.hooks - DEBUG - Event session-initialized:
calling handler <function register_uri_param_handler at
0x7fb84492e9d0> 2022-10-10 20:23:39,198 - MainThread - botocore.hooks
DEBUG - Event session-initialized: calling handler <function add_binary_formatter at 0x7fb843e61940> 2022-10-10 20:23:39,198 -
MainThread - botocore.hooks - DEBUG - Event session-initialized:
calling handler <function no_pager_handler at 0x7fb844928dc0>
2022-10-10 20:23:39,198 - MainThread - botocore.hooks - DEBUG - Event
session-initialized: calling handler <function
inject_assume_role_provider_cache at 0x7fb844890820> 2022-10-10
20:23:39,198 - MainThread - botocore.utils - DEBUG - IMDS ENDPOINT:
http://169.254.169.254/ 2022-10-10 20:23:39,199 - MainThread -
botocore.hooks - DEBUG - Event session-initialized: calling handler
<function attach_history_handler at 0x7fb844014430> 2022-10-10
20:23:39,199 - MainThread - botocore.hooks - DEBUG - Event
session-initialized: calling handler <function inject_json_file_cache
at 0x7fb844041820> 2022-10-10 20:23:39,205 - MainThread -
botocore.loaders - DEBUG - Loading JSON file:
/usr/local/aws-cli/v2/2.8.2/dist/awscli/botocore/data/ecr/2015-09-21/service-2.json
2022-10-10 20:23:39,209 - MainThread - botocore.hooks - DEBUG - Event
building-command-table.ecr: calling handler <function _inject_commands
at 0x7fb844020af0> 2022-10-10 20:23:39,209 - MainThread -
botocore.hooks - DEBUG - Event building-command-table.ecr: calling
handler <function add_waiters at 0x7fb843e78700> 2022-10-10
20:23:39,215 - MainThread - botocore.loaders - DEBUG - Loading JSON
file:
/usr/local/aws-cli/v2/2.8.2/dist/awscli/botocore/data/ecr/2015-09-21/waiters-2.json
2022-10-10 20:23:39,215 - MainThread - botocore.hooks - DEBUG - Event
building-command-table.ecr_get-login-password: calling handler
<function add_waiters at 0x7fb843e78700> 2022-10-10 20:23:39,215 -
MainThread - botocore.credentials - DEBUG - Looking for credentials
via: env 2022-10-10 20:23:39,215 - MainThread - botocore.credentials -
DEBUG - Looking for credentials via: assume-role 2022-10-10
20:23:39,215 - MainThread - botocore.credentials - DEBUG - Looking for
credentials via: assume-role-with-web-identity 2022-10-10 20:23:39,216
MainThread - botocore.credentials - DEBUG - Looking for credentials via: sso 2022-10-10 20:23:39,216 - MainThread - botocore.credentials -
DEBUG - Looking for credentials via: shared-credentials-file
2022-10-10 20:23:39,216 - MainThread - botocore.credentials - DEBUG -
Looking for credentials via: custom-process 2022-10-10 20:23:53,322 -
MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last): File "awscli/clidriver.py", line
458, in main File "awscli/clidriver.py", line 593, in call File
"awscli/customizations/commands.py", line 191, in call File
"awscli/customizations/ecr.py", line 36, in _run_main File
"awscli/customizations/utils.py", line 160, in
create_client_from_parsed_globals File "awscli/botocore/session.py",
line 837, in create_client File "awscli/botocore/session.py", line
442, in get_credentials File "awscli/botocore/credentials.py", line
1987, in load_credentials File "awscli/botocore/credentials.py", line
974, in load File "awscli/botocore/credentials.py", line 420, in
create_from_metadata File "awscli/botocore/credentials.py", line 571,
in _expiry_datetime File "dateutil/parser/_parser.py", line 1301, in
parse File "dateutil/parser/_parser.py", line 610, in parse
ValueError: ('String does not contain a date:', '')
('String does not contain a date:', '')
Also i'm used another cli version but it doesn't help
aws ecr get-login --no-include-email --debug
2022-10-10 20:44:15,044 - MainThread - awscli.clidriver - DEBUG - CLI
version: aws-cli/1.25.90 Python/3.8.10 Linux/5.14.0-1051-oem
botocore/1.27.89 2022-10-10 20:44:15,044 - MainThread -
awscli.clidriver - DEBUG - Arguments entered to CLI: ['ecr',
'get-login', '--no-include-email', '--debug'] 2022-10-10 20:44:15,044
MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_scalar_parsers at 0x7f29d2fb71f0>
2022-10-10 20:44:15,045 - MainThread - botocore.hooks - DEBUG - Event
session-initialized: calling handler <function
register_uri_param_handler at 0x7f29d34e2dc0> 2022-10-10 20:44:15,045
MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at
0x7f29d3440940> 2022-10-10 20:44:15,046 - MainThread - botocore.utils
DEBUG - IMDS ENDPOINT: http://169.254.169.254/ 2022-10-10 20:44:15,047 - MainThread - botocore.hooks - DEBUG - Event
session-initialized: calling handler <function attach_history_handler
at 0x7f29d30ee5e0> 2022-10-10 20:44:15,047 - MainThread -
botocore.loaders - DEBUG - Loading JSON file:
/usr/local/aws/lib/python3.8/site-packages/botocore/data/ecr/2015-09-21/service-2.json
2022-10-10 20:44:15,048 - MainThread - botocore.hooks - DEBUG - Event
building-command-table.ecr: calling handler <function
_inject_commands at 0x7f29d3081310> 2022-10-10 20:44:15,048 - MainThread - botocore.hooks - DEBUG - Event
building-command-table.ecr: calling handler <function add_waiters at
0x7f29d2fbda60> 2022-10-10 20:44:15,052 - MainThread -
botocore.loaders - DEBUG - Loading JSON file:
/usr/local/aws/lib/python3.8/site-packages/botocore/data/ecr/2015-09-21/waiters-2.json
2022-10-10 20:44:15,052 - MainThread - botocore.hooks - DEBUG - Event
building-command-table.get-login: calling handler <function
add_waiters at 0x7f29d2fbda60> 2022-10-10 20:44:15,052 - MainThread -
botocore.hooks - DEBUG - Event
before-building-argument-table-parser.ecr.get-login: calling handler
<function update_endpoint_url at 0x7f29d2f5a5e0> 2022-10-10
20:44:15,053 - MainThread - botocore.hooks - DEBUG - Event
load-cli-arg.custom.get-login.registry-ids: calling handler
<awscli.paramfile.URIArgumentHandler object at 0x7f29d2e9a070>
2022-10-10 20:44:15,053 - MainThread - botocore.hooks - DEBUG - Event
load-cli-arg.custom.get-login.include-email: calling handler
<awscli.paramfile.URIArgumentHandler object at 0x7f29d2e9a070>
2022-10-10 20:44:15,053 - MainThread - botocore.hooks - DEBUG - Event
process-cli-arg.custom.get-login: calling handler
<awscli.argprocess.ParamShorthandParser object at 0x7f29d3487370>
2022-10-10 20:44:15,053 - MainThread - botocore.credentials - DEBUG -
Looking for credentials via: env 2022-10-10 20:44:15,053 - MainThread
botocore.credentials - DEBUG - Looking for credentials via: assume-role 2022-10-10 20:44:15,053 - MainThread -
botocore.credentials - DEBUG - Looking for credentials via:
assume-role-with-web-identity 2022-10-10 20:44:15,053 - MainThread -
botocore.credentials - DEBUG - Looking for credentials via: sso
2022-10-10 20:44:15,053 - MainThread - botocore.credentials - DEBUG -
Looking for credentials via: shared-credentials-file 2022-10-10
20:44:15,053 - MainThread - botocore.credentials - DEBUG - Looking
for credentials via: custom-process 2022-10-10 20:44:19,465 -
MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last): File
"/usr/local/aws/lib/python3.8/site-packages/awscli/clidriver.py",
line 217, in main
return command_table[parsed_args.command](remaining, parsed_args) File
"/usr/local/aws/lib/python3.8/site-packages/awscli/clidriver.py",
line 361, in call
return command_table[parsed_args.operation](remaining, parsed_globals) File
"/usr/local/aws/lib/python3.8/site-packages/awscli/customizations/commands.py",
line 187, in call
return self._run_main(parsed_args, parsed_globals) File "/usr/local/aws/lib/python3.8/site-packages/awscli/customizations/ecr.py",
line 70, in _run_main
ecr_client = create_client_from_parsed_globals( File "/usr/local/aws/lib/python3.8/site-packages/awscli/customizations/utils.py",
line 175, in create_client_from_parsed_globals
return session.create_client(service_name, **client_args) File "/usr/local/aws/lib/python3.8/site-packages/botocore/session.py",
line 951, in create_client
credentials = self.get_credentials() File "/usr/local/aws/lib/python3.8/site-packages/botocore/session.py",
line 507, in get_credentials
self._credentials = self._components.get_component( File "/usr/local/aws/lib/python3.8/site-packages/botocore/credentials.py",
line 2095, in load_credentials
creds = provider.load() File "/usr/local/aws/lib/python3.8/site-packages/botocore/credentials.py",
line 1035, in load
return RefreshableCredentials.create_from_metadata( File "/usr/local/aws/lib/python3.8/site-packages/botocore/credentials.py",
line 449, in create_from_metadata
expiry_time=cls._expiry_datetime(metadata['expiry_time']), File
"/usr/local/aws/lib/python3.8/site-packages/botocore/credentials.py",
line 607, in _expiry_datetime
return parse(time_str) File "/usr/local/aws/lib/python3.8/site-packages/dateutil/parser/_parser.py",
line 1368, in parse
return DEFAULTPARSER.parse(timestr, **kwargs) File "/usr/local/aws/lib/python3.8/site-packages/dateutil/parser/_parser.py",
line 646, in parse
raise ParserError("String does not contain a date: %s", timestr) dateutil.parser._parser.ParserError: String does not contain a
date: 2022-10-10 20:44:19,470 - MainThread - awscli.clidriver -
DEBUG - Exiting with rc 255
String does not contain a date:

Unable to Assume Role to Cross Account using MFA. The aws cli doesn't gives any output

I am setting up cross account access between 2 AWS accounts. I am able to successfully assume role when MFA is not required. But when I add a condition to require MFA in the Trust Policy, then my aws cli just gets stuck.
Ideally when I run the below command, aws cli should prompt me for MFA token,
aws s3 ls --profile mfa
When I run the above command using --debug then I get the below output
2019-10-01 20:18:22,646 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/1.16.249 Python/3.7.4 Windows/10 botocore/1.12.239
2019-10-01 20:18:22,646 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['s3', 'ls', '--profile', 'mfa', '--debug']
2019-10-01 20:18:22,646 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_scalar_parsers at 0x03BC6348>
2019-10-01 20:18:22,646 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x037B7810>
2019-10-01 20:18:22,649 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x037D4858>
2019-10-01 20:18:22,651 - MainThread - botocore.credentials - DEBUG - Skipping environment variable credential check because profile name was explicitly set.
2019-10-01 20:18:22,651 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x03ABB228>
2019-10-01 20:18:22,654 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3: calling handler <function add_waiters at 0x03BD20C0>
2019-10-01 20:18:22,656 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.s3.anonymous: calling handler <awscli.paramfile.URIArgumentHandler object at 0x03C50870>
2019-10-01 20:18:22,657 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ls: calling handler <function add_waiters at 0x03BD20C0>
2019-10-01 20:18:22,660 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.paths: calling handler <awscli.paramfile.URIArgumentHandler object at 0x03C50870>
2019-10-01 20:18:22,660 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.anonymous: calling handler <awscli.paramfile.URIArgumentHandler object at 0x03C50870>
2019-10-01 20:18:22,660 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.page-size: calling handler <awscli.paramfile.URIArgumentHandler object at 0x03C50870>
2019-10-01 20:18:22,660 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.human-readable: calling handler <awscli.paramfile.URIArgumentHandler object at 0x03C50870>
2019-10-01 20:18:22,661 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.ls: calling handler <awscli.argprocess.ParamShorthandParser object at 0x035EAF10>
2019-10-01 20:18:22,661 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.summarize: calling handler <awscli.paramfile.URIArgumentHandler object at 0x03C50870>
2019-10-01 20:18:22,661 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.ls: calling handler <awscli.argprocess.ParamShorthandParser object at 0x035EAF10>
2019-10-01 20:18:22,661 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.request-payer: calling handler <awscli.paramfile.URIArgumentHandler object at 0x03C50870>
2019-10-01 20:18:22,662 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2019-10-01 20:18:22,662 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role-with-web-identity
2019-10-01 20:18:22,662 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2019-10-01 20:18:22,664 - MainThread - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials
2019-10-01 20:18:22,665 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Users\Samrat\AppData\Roaming\Python\Python37\site-packages\botocore\data\endpoints.json
2019-10-01 20:18:22,668 - MainThread - botocore.hooks - DEBUG - Event choose-service-name: calling handler <function handle_service_name_alias at 0x03583618>
2019-10-01 20:18:22,675 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Users\Samrat\AppData\Roaming\Python\Python37\site-packages\botocore\data\s3\2006-03-01\service-2.json
2019-10-01 20:18:22,704 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler <function add_generate_presigned_post at 0x0356D390>
2019-10-01 20:18:22,704 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler <function add_generate_presigned_url at 0x0356D270>
2019-10-01 20:18:22,705 - MainThread - botocore.args - DEBUG - The s3 config key is not a dictionary type, ignoring its value of: None
2019-10-01 20:18:22,711 - MainThread - botocore.endpoint - DEBUG - Setting s3 timeout as (60, 60)
2019-10-01 20:18:22,715 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Users\Samrat\AppData\Roaming\Python\Python37\site-packages\botocore\data\_retry.json
2019-10-01 20:18:22,716 - MainThread - botocore.client - DEBUG - Registering retry handlers for service: s3
2019-10-01 20:18:22,716 - MainThread - botocore.client - DEBUG - Defaulting to S3 virtual host style addressing with path style addressing fallback.
2019-10-01 20:18:22,716 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <function validate_bucket_name at 0x0358C3D8>
2019-10-01 20:18:22,716 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <bound method S3RegionRedirector.redirect_from_cache of <botocore.utils.S3RegionRedirector object at 0x03EB6710>>
2019-10-01 20:18:22,719 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <function generate_idempotent_uuid at 0x0358C1E0>
2019-10-01 20:18:22,719 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler <function add_expect_header at 0x0358C588>
2019-10-01 20:18:22,719 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler <bound method S3RegionRedirector.set_request_url of <botocore.utils.S3RegionRedirector object at 0x03EB6710>>
2019-10-01 20:18:22,719 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler <function inject_api_version_header_if_needed at 0x0358CF18>
2019-10-01 20:18:22,719 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListBuckets) with params: {'url_path': '/', 'query_string': '', 'method': 'GET', 'headers': {'User-Agent': 'aws-cli/1.16.249 Python/3.7.4 Windows/10 botocore/1.12.239'}, 'body': b'', 'url': 'https://s3.amazonaws.com/', 'context': {'client_region': 'us-east-1', 'client_config': <botocore.config.Config object at 0x03EB6410>, 'has_streaming_input': False, 'auth_type': None, 'signing': {'bucket': None}}}
2019-10-01 20:18:22,720 - MainThread - botocore.hooks - DEBUG - Event request-created.s3.ListBuckets: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x03EB63F0>>
2019-10-01 20:18:22,720 - MainThread - botocore.hooks - DEBUG - Event choose-signer.s3.ListBuckets: calling handler <bound method ClientCreator._default_s3_presign_to_sigv2 of <botocore.client.ClientCreator object at 0x0378E510>>
2019-10-01 20:18:22,720 - MainThread - botocore.hooks - DEBUG - Event choose-signer.s3.ListBuckets: calling handler <function set_operation_specific_signer at 0x0358C150>
2019-10-01 20:18:22,720 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.ListBuckets: calling handler <function fix_s3_host at 0x0348EBB8>
Below are my ~/.aws/credentials and ~/.aws/config file
# ~/.aws/credentials
[default]
aws_access_key_id = <ACCESS_KEY_ID>
aws_secret_access_key = <SECRET_ACCESS_KEY>
# ~/.aws/config
[default]
region = us-east-1
output = json
[profile mfa]
region = us-east-1
role_arn = arn:aws:iam::<Trusting-Account-ID>:role/RoleName
source_profile = default
mfa_serial = arn:aws:iam::<Trusted-Account-ID>:mfa/user
Can anyone tell me what am I missing. Thanks!

My understanding, you will not be prompted for the one-time-password (OTP) when attempting to list the bucket. If you are using an MFA device, you must first create a temporary session token via the STS service instead and use that token for making the S3 call.
For example:
aws sts get-session-token --serial-number arn-of-the-mfa-device --token-code code-from-token
Will return the temporary credential:
{
"Credentials": {
"SecretAccessKey": "secret-access-key",
"SessionToken": "temporary-session-token",
"Expiration": "expiration-date-time",
"AccessKeyId": "access-key-id"
}
}
Update your aws CLI configuration to use the temporary credentials:
[mfa]
aws_access_key_id = example-access-key-as-in-returned-output
aws_secret_access_key = example-secret-access-key-as-in-returned-output
aws_session_token = example-session-Token-as-in-returned-output
You then use that temporary credential when interacting with S3:
aws s3 ls --profile mfa
Source: https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/

Couldn't access Amazon SQS neither via AWS CLI nor AWS SDK

I installed aws cli and configured it. The credentials file is located under ~/.aws/credentials. Contents of it is as follow:
[default]
aws_access_key_id = AKIA........PRYIA
aws_secret_access_key = OsLzxDH........HlPDt39lnY
Also here is my config file under /.aws/config :
[default]
output = json
region = us-west-2
I created a queue under https://sqs.us-west-2.amazonaws.com/. I could send message to the queue in SQS Management Console.
In IAM Management Console i also added AmazonSQSFullAccess policy to my user.
But when i want to list the queues via amazon sqs library(using java) i got the following error:
Access to the resource https://sqs.us-west-2.amazonaws.com/ is denied. (Service: AmazonSQS; Status Code: 403; Error Code: AccessDenied; Request ID: 44c3b1f1-cd8b-5306-b4d3-e0af4bf4ccbe)
So i think there may be something wrong with the library and i tried to access via aws cli with the command "aws sqs list-queues". And it threw the error below :
An error occurred (AccessDenied) when calling the ListQueues operation: Access to the resource https://us-west-2.queue.amazonaws.com/ is denied.
Then i added --debug option and tried to get the queue list again. Here is the output:
aws sqs list-queues --debug
2017-04-05 16:33:06,781 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/1.11.66 Python/2.7.10 Darwin/15.6.0 botocore/1.5.29
2017-04-05 16:33:06,782 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['sqs', 'list-queues', '--debug']
2017-04-05 16:33:06,782 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_scalar_parsers at 0x10280fa28>
2017-04-05 16:33:06,782 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x102530f50>
2017-04-05 16:33:06,783 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/botocore/data/sqs/2012-11-05/service-2.json
2017-04-05 16:33:06,788 - MainThread - botocore.hooks - DEBUG - Event service-data-loaded.sqs: calling handler <function register_retries_for_service at 0x10210ac08>
2017-04-05 16:33:06,788 - MainThread - botocore.handlers - DEBUG - Registering retry handlers for service: sqs
2017-04-05 16:33:06,788 - MainThread - botocore.hooks - DEBUG - Event building-command-table.sqs: calling handler <function add_waiters at 0x102819b18>
2017-04-05 16:33:06,792 - MainThread - awscli.clidriver - DEBUG - OrderedDict([(u'queue-name-prefix', <awscli.arguments.CLIArgument object at 0x102b97090>)])
2017-04-05 16:33:06,792 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.sqs.list-queues: calling handler <function add_streaming_output_arg at 0x10280fc80>
2017-04-05 16:33:06,792 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.sqs.list-queues: calling handler <function add_cli_input_json at 0x10253ad70>
2017-04-05 16:33:06,792 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.sqs.list-queues: calling handler <function unify_paging_params at 0x102796398>
2017-04-05 16:33:06,796 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/botocore/data/sqs/2012-11-05/paginators-1.json
2017-04-05 16:33:06,796 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.sqs.list-queues: calling handler <function add_generate_skeleton at 0x102788758>
2017-04-05 16:33:06,796 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.sqs.list-queues: calling handler <bound method CliInputJSONArgument.override_required_args of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x102b971d0>>
2017-04-05 16:33:06,796 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.sqs.list-queues: calling handler <bound method GenerateCliSkeletonArgument.override_required_args of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x102af0d90>>
2017-04-05 16:33:06,797 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.sqs.list-queues.queue-name-prefix: calling handler <function uri_param at 0x1023ca320>
2017-04-05 16:33:06,797 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.sqs.list-queues.cli-input-json: calling handler <function uri_param at 0x1023ca320>
2017-04-05 16:33:06,797 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.sqs.list-queues.generate-cli-skeleton: calling handler <function uri_param at 0x1023ca320>
2017-04-05 16:33:06,797 - MainThread - botocore.hooks - DEBUG - Event calling-command.sqs.list-queues: calling handler <bound method GenerateCliSkeletonArgument.generate_json_skeleton of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x102af0d90>>
2017-04-05 16:33:06,797 - MainThread - botocore.hooks - DEBUG - Event calling-command.sqs.list-queues: calling handler <bound method CliInputJSONArgument.add_to_call_parameters of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x102b971d0>>
2017-04-05 16:33:06,797 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2017-04-05 16:33:06,797 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2017-04-05 16:33:06,797 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2017-04-05 16:33:06,798 - MainThread - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials
2017-04-05 16:33:06,798 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/botocore/data/endpoints.json
2017-04-05 16:33:06,811 - MainThread - botocore.client - DEBUG - Registering retry handlers for service: sqs
2017-04-05 16:33:06,812 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.sqs: calling handler <function add_generate_presigned_url at 0x1020d2c80>
2017-04-05 16:33:06,813 - MainThread - botocore.args - DEBUG - The s3 config key is not a dictionary type, ignoring its value of: None
2017-04-05 16:33:06,816 - MainThread - botocore.endpoint - DEBUG - Setting sqs timeout as (60, 60)
2017-04-05 16:33:06,816 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.sqs.ListQueues: calling handler <function generate_idempotent_uuid at 0x10210a668>
2017-04-05 16:33:06,816 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListQueues) (verify_ssl=True) with params: {'body': {'Action': u'ListQueues', 'Version': u'2012-11-05'}, 'url': u'https://us-west-2.queue.amazonaws.com/', 'headers': {'User-Agent': 'aws-cli/1.11.66 Python/2.7.10 Darwin/15.6.0 botocore/1.5.29'}, 'context': {'client_region': 'us-west-2', 'has_streaming_input': False, 'client_config': <botocore.config.Config object at 0x102cfe310>}, 'query_string': '', 'url_path': '/', 'method': u'POST'}
2017-04-05 16:33:06,817 - MainThread - botocore.hooks - DEBUG - Event request-created.sqs.ListQueues: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x102cfe2d0>>
2017-04-05 16:33:06,817 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2017-04-05 16:33:06,817 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
POST
/
host:us-west-2.queue.amazonaws.com
x-amz-date:20170405T133306Z
host;x-amz-date
48a38266faf90970d6c7fea9b15e6ba366e5f6397c2970fc893f8a7b5e207bd0
2017-04-05 16:33:06,817 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20170405T133306Z
20170405/us-west-2/sqs/aws4_request
1f88edf15f91a626575611ec61a7d614afbc73e004d619fff636cecdb06134b7
2017-04-05 16:33:06,817 - MainThread - botocore.auth - DEBUG - Signature:
52b3d7ed984353964a6528741b8dfd8acef536272541e912fcc5c89f14210252
2017-04-05 16:33:06,820 - MainThread - botocore.endpoint - DEBUG - Sending http request: <PreparedRequest [POST]>
2017-04-05 16:33:06,821 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTPS connection (1): us-west-2.queue.amazonaws.com
2017-04-05 16:33:08,335 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "POST / HTTP/1.1" 403 321
2017-04-05 16:33:08,338 - MainThread - botocore.parsers - DEBUG - Response headers: {'x-amzn-requestid': 'e107be92-7e65-535e-a29e-efcc8a36f565', 'content-length': '321', 'server': 'Server', 'connection': 'close', 'date': 'Wed, 05 Apr 2017 13:33:07 GMT', 'content-type': 'text/xml'}
2017-04-05 16:33:08,339 - MainThread - botocore.parsers - DEBUG - Response body:
<?xml version="1.0"?><ErrorResponse xmlns="http://queue.amazonaws.com/doc/2012-11-05/"><Error><Type>Sender</Type><Code>AccessDenied</Code><Message>Access to the resource https://us-west-2.queue.amazonaws.com/ is denied.</Message><Detail/></Error><RequestId>e107be92-7e65-535e-a29e-efcc8a36f565</RequestId></ErrorResponse>
2017-04-05 16:33:08,341 - MainThread - botocore.hooks - DEBUG - Event needs-retry.sqs.ListQueues: calling handler <botocore.retryhandler.RetryHandler object at 0x102af0c10>
2017-04-05 16:33:08,342 - MainThread - botocore.retryhandler - DEBUG - No retry needed.
2017-04-05 16:33:08,343 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
File "/usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/awscli/clidriver.py", line 197, in main
return command_table[parsed_args.command](remaining, parsed_args)
File "/usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/awscli/clidriver.py", line 333, in __call__
return command_table[parsed_args.operation](remaining, parsed_globals)
File "/usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/awscli/clidriver.py", line 503, in __call__
call_parameters, parsed_globals)
File "/usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/awscli/clidriver.py", line 622, in invoke
client, operation_name, parameters, parsed_globals)
File "/usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/awscli/clidriver.py", line 634, in _make_client_call
**parameters)
File "/usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/botocore/client.py", line 253, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/Cellar/awscli/1.11.66/libexec/lib/python2.7/site-packages/botocore/client.py", line 543, in _make_api_call
raise error_class(parsed_response, operation_name)
ClientError: An error occurred (AccessDenied) when calling the ListQueues operation: Access to the resource https://us-west-2.queue.amazonaws.com/ is denied.
2017-04-05 16:33:08,343 - MainThread - awscli.clidriver - DEBUG - Exiting with rc 255
An error occurred (AccessDenied) when calling the ListQueues operation: Access to the resource https://us-west-2.queue.amazonaws.com/ is denied.
As you could see from the debug log it was trying to connect to us-west-2.queue.amazonaws.com. But i created the queue under sqs.us-west-2.amazonaws.com.
May be they are redirected to the same host.
So what am i doing wrong? Any idea?
Thanks in advance.

The cause of access denied exception is that ForceMFA is used in every aws service except IAM. It was the reason that i could use IAM commands without problem.
So here are the steps :
I created temporary access keys with the command below
$ aws sts get-session-token --serial-number arn-of-the-mfa-device --token-code code-from-token
Then i put the output values to my credentials file in a separate profile(e.g. mfa)
aws_access_key_id = "Access-key-as-in-returned-output"
aws_secret_access_key = "Secret-access-key-as-in-returned-output"
aws_session_token = "Session-Token-as-in-returned-output"
Then i called the queue list command like this :
aws sqs list-queues --profile mfa

AWS CLI on instance with ECR IAM Policy Set

i have an IAM role that i have tested with the simulator to provide AmazonEC2ContainerRegistryReadOnly access. I have launched an ec2 with the role, and i can see in the EC2 console that it is attached to the instance. When i SSH into the EC2, and attempt to run
aws ecr get-authorization-token
I get the message
'AccessKeyId'
I have attempted to do "aws configure" and set the default region and output (leaving the ACCESS and SECRET empty) but still get the same result...
Can anyone help with this please?
Screenshot of 'error'
DEBUG -
[ec2-user#ip-10-0-101-105 ~]$ aws ecr get-authorization-token
'AccessKeyId'
[ec2-user#ip-10-0-101-105 ~]$ aws ecr get-authorization-token --debug
2017-02-01 15:03:00,704 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/1.11.44 Python/2.7.12 Linux/4.4.41-36.55.amzn1.x86_64 botocore/1.5.7
2017-02-01 15:03:00,704 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['ecr', 'get-authorization-token', '--debug']
2017-02-01 15:03:00,704 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_scalar_parsers at 0x7efd7abe4578>
2017-02-01 15:03:00,704 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x7efd7b516c80>
2017-02-01 15:03:00,705 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/lib/python2.7/site-packages/botocore/data/ecr/2015-09-21/service-2.json
2017-02-01 15:03:00,712 - MainThread - botocore.hooks - DEBUG - Event service-data-loaded.ecr: calling handler <function register_retries_for_service at 0x7efd7be11488>
2017-02-01 15:03:00,712 - MainThread - botocore.handlers - DEBUG - Registering retry handlers for service: ecr
2017-02-01 15:03:00,713 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ecr: calling handler <function _inject_get_login at 0x7efd7acff1b8>
2017-02-01 15:03:00,713 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ecr: calling handler <function add_waiters at 0x7efd7abe8938>
2017-02-01 15:03:00,716 - MainThread - awscli.clidriver - DEBUG - OrderedDict([(u'registry-ids', <awscli.arguments.ListArgument object at 0x7efd7a87d9d0>)])
2017-02-01 15:03:00,716 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecr.get-authorization-token: calling handler <function add_streaming_output_arg at 0x7efd7abe4b90>
2017-02-01 15:03:00,716 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecr.get-authorization-token: calling handler <function add_cli_input_json at 0x7efd7b520b90>
2017-02-01 15:03:00,717 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecr.get-authorization-token: calling handler <function unify_paging_params at 0x7efd7ac735f0>
2017-02-01 15:03:00,719 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/local/lib/python2.7/site-packages/botocore/data/ecr/2015-09-21/paginators-1.json
2017-02-01 15:03:00,719 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.ecr.get-authorization-token: calling handler <function add_generate_skeleton at 0x7efd7ac5d9b0>
2017-02-01 15:03:00,719 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.ecr.get-authorization-token: calling handler <bound method CliInputJSONArgument.override_required_args of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x7efd7a87da10>>
2017-02-01 15:03:00,719 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.ecr.get-authorization-token: calling handler <bound method GenerateCliSkeletonArgument.override_required_args of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x7efd7a85a750>>
2017-02-01 15:03:00,720 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecr.get-authorization-token.registry-ids: calling handler <function uri_param at 0x7efd7b53aaa0>
2017-02-01 15:03:00,720 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecr.get-authorization-token.cli-input-json: calling handler <function uri_param at 0x7efd7b53aaa0>
2017-02-01 15:03:00,720 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.ecr.get-authorization-token.generate-cli-skeleton: calling handler <function uri_param at 0x7efd7b53aaa0>
2017-02-01 15:03:00,721 - MainThread - botocore.hooks - DEBUG - Event calling-command.ecr.get-authorization-token: calling handler <bound method GenerateCliSkeletonArgument.generate_json_skeleton of <awscli.customizations.generatecliskeleton.GenerateCliSkeletonArgument object at 0x7efd7a85a750>>
2017-02-01 15:03:00,721 - MainThread - botocore.hooks - DEBUG - Event calling-command.ecr.get-authorization-token: calling handler <bound method CliInputJSONArgument.add_to_call_parameters of <awscli.customizations.cliinputjson.CliInputJSONArgument object at 0x7efd7a87da10>>
2017-02-01 15:03:00,721 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2017-02-01 15:03:00,721 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2017-02-01 15:03:00,721 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2017-02-01 15:03:00,721 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: config-file
2017-02-01 15:03:00,722 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: ec2-credentials-file
2017-02-01 15:03:00,722 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: boto-config
2017-02-01 15:03:00,722 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: container-role
2017-02-01 15:03:00,722 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: iam-role
2017-02-01 15:03:00,725 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2017-02-01 15:03:00,726 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 11
2017-02-01 15:03:00,727 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2017-02-01 15:03:00,728 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/jenkins-DEV HTTP/1.1" 200 255
2017-02-01 15:03:00,729 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/awscli/clidriver.py", line 197, in main
return command_table[parsed_args.command](remaining, parsed_args)
File "/usr/local/lib/python2.7/site-packages/awscli/clidriver.py", line 333, in __call__
return command_table[parsed_args.operation](remaining, parsed_globals)
File "/usr/local/lib/python2.7/site-packages/awscli/clidriver.py", line 503, in __call__
call_parameters, parsed_globals)
File "/usr/local/lib/python2.7/site-packages/awscli/clidriver.py", line 620, in invoke
verify=parsed_globals.verify_ssl)
File "/usr/local/lib/python2.7/site-packages/botocore/session.py", line 825, in create_client
credentials = self.get_credentials()
File "/usr/local/lib/python2.7/site-packages/botocore/session.py", line 449, in get_credentials
'credential_provider').load_credentials()
File "/usr/local/lib/python2.7/site-packages/botocore/credentials.py", line 1083, in load_credentials
creds = provider.load()
File "/usr/local/lib/python2.7/site-packages/botocore/credentials.py", line 488, in load
metadata = fetcher.retrieve_iam_role_credentials()
File "/usr/local/lib/python2.7/site-packages/botocore/utils.py", line 203, in retrieve_iam_role_credentials
'access_key': data[role_name]['AccessKeyId'],
KeyError: 'AccessKeyId'
2017-02-01 15:03:00,735 - MainThread - awscli.clidriver - DEBUG - Exiting with rc 255
'AccessKeyId'
EDIT:
Found that the trust policy was set up incorrectly..

Adding an answer for posterity sake so others can see what to do if they hit this error. An EC2 instance profile (an IAM role) needs to allow the EC2 service to assume the role, so you'll need a trust policy like this one:
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}

AWS CLI access to S3 returns error 104

AWS reports that all their services are operating normally, but I get Error 104 'Connection reset by peer' on all my S3 requests via the AWS CLI. Yesterday it was working fine. Do you have any suggestions for how to fix this?
$ aws --version
aws-cli/1.11.32 Python/2.6.6 Linux/2.6.32-642.11.1.el6.x86_64 botocore/1.4.89
$ aws s3 ls s3://
('Connection aborted.', error(104, 'Connection reset by peer'))
$ aws s3api list-buckets
('Connection aborted.', error(104, 'Connection reset by peer'))
Here is the list-buckets command with debugging info:
$ aws s3api list-buckets --debug
2016-12-21 09:25:11,926 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/1.11.32 Python/2.6.6 Linux/2.6.32-642.11.1.el6.x86_64 botocore/1.4.89
2016-12-21 09:25:11,927 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['s3api', 'list-buckets', '--debug']
2016-12-21 09:25:11,927 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler
2016-12-21 09:25:11,927 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler
2016-12-21 09:25:11,929 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/lib/python2.6/site-packages/botocore/data/s3/2006-03-01/service-2.json
2016-12-21 09:25:11,988 - MainThread - botocore.hooks - DEBUG - Event service-data-loaded.s3: calling handler
2016-12-21 09:25:11,988 - MainThread - botocore.handlers - DEBUG - Registering retry handlers for service: s3
2016-12-21 09:25:11,990 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3api: calling handler
2016-12-21 09:25:11,992 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/lib/python2.6/site-packages/botocore/data/s3/2006-03-01/waiters-2.json
2016-12-21 09:25:11,993 - MainThread - awscli.clidriver - DEBUG - OrderedDict()
2016-12-21 09:25:11,994 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.s3api.list-buckets: calling handler
2016-12-21 09:25:11,994 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.s3api.list-buckets: calling handler
2016-12-21 09:25:11,994 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.s3api.list-buckets: calling handler
2016-12-21 09:25:11,996 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/lib/python2.6/site-packages/botocore/data/s3/2006-03-01/paginators-1.json
2016-12-21 09:25:11,996 - MainThread - botocore.hooks - DEBUG - Event building-argument-table.s3api.list-buckets: calling handler
2016-12-21 09:25:11,996 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.s3api.list-buckets: calling handler >
2016-12-21 09:25:11,997 - MainThread - botocore.hooks - DEBUG - Event before-building-argument-table-parser.s3api.list-buckets: calling handler >
2016-12-21 09:25:11,997 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.s3.list-buckets.cli-input-json: calling handler
2016-12-21 09:25:11,997 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.s3.list-buckets.generate-cli-skeleton: calling handler
2016-12-21 09:25:11,997 - MainThread - botocore.hooks - DEBUG - Event calling-command.s3api.list-buckets: calling handler >
2016-12-21 09:25:11,997 - MainThread - botocore.hooks - DEBUG - Event calling-command.s3api.list-buckets: calling handler >
2016-12-21 09:25:11,998 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2016-12-21 09:25:11,998 - MainThread - botocore.credentials - INFO - Found credentials in environment variables.
2016-12-21 09:25:11,998 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /usr/lib/python2.6/site-packages/botocore/data/endpoints.json
2016-12-21 09:25:12,030 - MainThread - botocore.client - DEBUG - Registering retry handlers for service: s3
2016-12-21 09:25:12,033 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler
2016-12-21 09:25:12,033 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler
2016-12-21 09:25:12,034 - MainThread - botocore.args - DEBUG - The s3 config key is not a dictionary type, ignoring its value of: None
2016-12-21 09:25:12,037 - MainThread - botocore.endpoint - DEBUG - Setting s3 timeout as (60, 60)
2016-12-21 09:25:12,037 - MainThread - botocore.client - DEBUG - Defaulting to S3 virtual host style addressing with path style addressing fallback.
2016-12-21 09:25:12,038 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler
2016-12-21 09:25:12,038 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler >
2016-12-21 09:25:12,038 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler
2016-12-21 09:25:12,038 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler
2016-12-21 09:25:12,038 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler >
2016-12-21 09:25:12,038 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListBuckets) (verify_ssl=True) with params: {'body': '', 'url': u'https://s3.amazonaws.com/', 'headers': {'User-Agent': 'aws-cli/1.11.32 Python/2.6.6 Linux/2.6.32-642.11.1.el6.x86_64 botocore/1.4.89'}, 'context': {'client_region': 'us-east-1', 'signing': {'bucket': None}, 'has_streaming_input': False, 'client_config': }, 'query_string': '', 'url_path': u'/', 'method': u'GET'}
2016-12-21 09:25:12,038 - MainThread - botocore.hooks - DEBUG - Event request-created.s3.ListBuckets: calling handler >
2016-12-21 09:25:12,038 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.ListBuckets: calling handler
2016-12-21 09:25:12,039 - MainThread - botocore.auth - DEBUG - Calculating signature using hmacv1 auth.
2016-12-21 09:25:12,039 - MainThread - botocore.auth - DEBUG - HTTP request method: GET
2016-12-21 09:25:12,039 - MainThread - botocore.auth - DEBUG - StringToSign:
GET
Wed, 21 Dec 2016 14:25:12 GMT
/
2016-12-21 09:25:12,044 - MainThread - botocore.endpoint - DEBUG - Sending http request:
2016-12-21 09:25:12,044 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTPS connection (1): s3.amazonaws.com
2016-12-21 09:25:12,078 - MainThread - botocore.endpoint - DEBUG - ConnectionError received when sending HTTP request.
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/botocore/endpoint.py", line 204, in _get_response
proxies=self.proxies, timeout=self.timeout)
File "/usr/lib/python2.6/site-packages/botocore/vendored/requests/sessions.py", line 573, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.6/site-packages/botocore/vendored/requests/adapters.py", line 415, in send
raise ConnectionError(err, request=request)
ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer'))

I experienced this too, but when I specify the region where my S3 bucket reside, the problem solved.
aws s3 --region ap-southeast-1 cp file100Mb.zip s3://mybucket.domain.xyz/path/
You can try and let me know how it does for you.

For me, I installed the awscli via the apt-get command (Ubuntu 16). It was working fine for us-east-1 region. But when I tried to upload files to different regions to a newly created bucket it started giving me this error. By removing the aws cli and installing via pip resolved this issue. It seems the version which is installed via apt-get is not updated for ubuntu 16.
sudo apt-get install pip
pip install awscli

I switched my VM networking from "NAT" to "bridged" and S3 magically started working. When it stopped working, I had not change anything manually; I hope VMware was not changing the network by itself. But if you get error 104, check your network settings.