EC2 API Error validating access credential

问题:

I installed the ec2 api following the amazon guide. I setted up the access id and secret as environment variable.

Here it is my profile:

export AWS_ACCESS_KEY=XXXXX

export AWS_SECRET_KEY=XXXXXX

export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre

export EC2_HOME=/usr/local/ec2/ec2-api-tools-1.7.1.0

export PATH=$PATH:$EC2_HOME/bin

Everythings looks configured as asked, but i can't connect to aws.

Here the output of the command ec2-describe-regions in verbose mode:

Client.AuthFailure: AWS was not able to validate the provided access credentials ubuntu@ip:~$ ec2dre -v Setting User-Agent to [ec2-api-tools 1.7.1.0] 2014-07-14 19:10:34,898 [main] DEBUG org.apache.http.wire  - >> "POST / HTTP/1.1[\r][\n]" 2014-07-14 19:10:34,912 [main] DEBUG org.apache.http.wire  - >> "Host: ec2.amazonaws.com[\r][\n]" 2014-07-14 19:10:34,912 [main] DEBUG org.apache.http.wire  - >> "X-Amz-Date: 20140714T191033Z[\r][\n]" 2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Authorization: AWS4-HMAC-SHA256 Credential=AKIAIT64V5MH2HHF5QZQ/20140714/us-east-1/ec2/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=06920c7d37a24d8244feb630d87310238886294d3ae2ab40f68a362a799d9a62[\r][\n]" 2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "User-Agent: ec2-api-tools 1.7.1.0, aws-sdk-java/unknown-version Linux/3.2.0-36-virtual OpenJDK_64-Bit_Server_VM/24.51-b03[\r][\n]" 2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Content-Type: application/x-www-form-urlencoded; charset=utf-8[\r][\n]" 2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Content-Length: 41[\r][\n]" 2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "Connection: Keep-Alive[\r][\n]" 2014-07-14 19:10:34,913 [main] DEBUG org.apache.http.wire  - >> "[\r][\n]" 2014-07-14 19:10:34,914 [main] DEBUG org.apache.http.wire  - >> "Action=DescribeRegions&Version=2014-06-15" 2014-07-14 19:10:34,984 [main] DEBUG org.apache.http.wire  - << "HTTP/1.1 401 Unauthorized[\r][\n]" 2014-07-14 19:10:35,002 [main] DEBUG org.apache.http.wire  - << "Transfer-Encoding: chunked[\r][\n]" 2014-07-14 19:10:35,003 [main] DEBUG org.apache.http.wire  - << "Date: Mon, 14 Jul 2014 19:18:34 GMT[\r][\n]" 2014-07-14 19:10:35,003 [main] DEBUG org.apache.http.wire  - << "Server: AmazonEC2[\r][\n]" 2014-07-14 19:10:35,010 [main] DEBUG org.apache.http.wire  - << "[\r][\n]" 2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire  - << "fe[\r][\n]" 2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire  - << "<?xml version="1.0" encoding="UTF-8"?>[\n]" 2014-07-14 19:10:35,225 [main] DEBUG org.apache.http.wire  - << "<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>cd2b128b-3d70-425b-a8a7-4856fd9a6b99</RequestID></Response>" 2014-07-14 19:10:35,278 [main] DEBUG org.apache.http.wire  - << "[\r][\n]" 2014-07-14 19:10:35,279 [main] DEBUG org.apache.http.wire  - << "0[\r][\n]" 2014-07-14 19:10:35,279 [main] DEBUG org.apache.http.wire  - << "[\r][\n]" Client.AuthFailure: AWS was not able to validate the provided access credentials Request ID: cd2b128b-3d70-425b-a8a7-4856fd9a6b99 

回答1:

Check that the server clock is synchronized.

If the clock is delayed, can cause this error:

AWS was not able to validate the provided access credentials 

回答2:

I ran into this issue when my system clock was set falsely.

In my case the clock was running ahead by two hours.

Equally important is to put the commands in your .bashrc or similar file (.bash_aliases):

export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXX" export AWS_SECRET_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" 

When there run source ~/.bashrc

The reason for the importance of this is that when running an ec2 command new shell instances are created that doesn't get the environment variables otherwise.

回答3:

AWS CLI was working fine for me but all of a sudden it started failing with the following error

A client error (AuthFailure) occurred when calling the DescribeTags operation: AWS was not able to validate the provided access credentials 

Tried with a new set of credentials, however that did not help.

It worked only after stop-start was performed on the EC2 instance (reboot might have also worked). Hence, it appears to be an issue with the particular EC2 instance from where the aws cli was executed.

回答4:

Run aws s3 ls to confirm whether the error is related to time sync. You should get the error like:

An error occurred (RequestTimeTooSkewed) when calling the ListBuckets operation: The difference between the request time and the current time is too large.

If so, try to sync your datetime as suggested.

Example shell commands on Linux to do that:

# Install the ntpdate client for setting system time from NTP servers. sudo apt-get --yes install ntpdate sudo ntpdate 0.amazon.pool.ntp.org 

Then re-try your aws command again.

---

If the timezone is still not correct, run: sudo dpkg-reconfigure tzdata to configure it, or by:

timedatectl list-timezones timedatectl set-timezone 'Europe/London' 

See also: Configure localtime. dpkg-reconfigure tzdata.

文章来源: EC2 API Error validating access credential