Unable to configure Ex Aws for SQS

I am new to Elixir and trying to create a listener for SQS using Ex Aws. I have provided access_key_id and secret_access_key in config.exs. In the logs I can see the correct access key id is being sent to AWS. Still I am getting below error -

{:error,
{:http_error, 403,
%{
code: “InvalidClientTokenId”,
detail: nil,
message: “The security token included in the request is invalid.”,
request_id: “”,
type: “Sender”
}}}

In python I also configured AWS_SESSION_TOKEN and AWS_ACCOUNT_ID along with above 2 fields, but don’t see an option to do that with ExAws. I also tried to list s3 files using Ex Aws by configuring same 2 keys in config.exs, but there I get below error -
{:error,
{:http_error, 403,
%{
body: “<?xml version=\"1.0\" encoding=\"UTF-8\"?>\nInvalidAccessKeyIdThe AWS Access Key Id you provided does not exist in our records.access keyreq_idhostid”,
headers: [
{“x-amz-request-id”, “”},
{“x-amz-id-2”,
“”},
{“Content-Type”, “application/xml”},
{“Transfer-Encoding”, “chunked”},
{“Date”, “Mon, 17 Aug 2020 14:28:27 GMT”},
{“Server”, “AmazonS3”}
],
status_code: 403
}}}
As per documentation I have also tried giving aws profile (after adding {:ex_aws_sts, “~> 2.0”} ), but with same results. Below is the final config -

config :ex_aws,
json_codec: Jason,
debug_requests: true,
access_key_id: [{:system, “AWS_ACCESS_KEY_ID”}, {:awscli, “profile-name”, 30}, :instance_role],
secret_access_key: [{:system, “AWS_SECRET_ACCESS_KEY”}, {:awscli, “profile-name”, 30}, :instance_role],
region: “us-east-1”

Will passing aws account id help in resolving this? If, yes, how can I pass it to the library?

Our call was continuously failing to connect with AWS with the 2 parameters set ( access_key_id and secret_access_key ) per the readme documentation given in the Github of ExAws package. We had to figure out from the source code that aws session token can be set as security_token as below. This fixed the issue. We have also raised this issue on ExAws Github to add this in the readme doc.

security_token: [{:system, "AWS_SESSION_TOKEN"}, :instance_role]
2 Likes