I'm getting this error every time I run “terraform plan”. Please help.
Error: Retrieving AWS account details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 4eb5797c-fcb4-481d-87b4-c0bc3369fda3, api error ExpiredToken: The security token included in the request is expired
│
│ with provider[“Terraform Registry”],
│ on provider.tf line 20, in provider “aws”:
│ 20: provider “aws” {
│
╵
╷
│ Error: Cannot assume IAM Role
│
│ with module.production.provider[“Terraform Registry”].Route53,
│ on .terraform/modules/production/pgx/provider.tf line 3, in provider “aws”:
│ 3: provider “aws” {
│
│ IAM Role (arn:aws:iam::732191791819:role/tf_route53) cannot be assumed.
│
│ There are a number of possible causes of this - the most common are:
│ * The credentials used in order to assume the role are invalid
│ * The credentials do not have appropriate permission to assume the role
│ * The role ARN is not valid
│
│ Error: operation error STS: AssumeRole, https response error StatusCode:
│ 403, RequestID: 33e4f560-37d6-49c4-b044-0cfed8838b6c, api error
│ ExpiredToken: The security token included in the request is expired
│
╵
Operation failed: failed running terraform plan (exit 1)
It looks like your Terraform is facing a couple of main issues related to AWS credentials and IAM role assumptions:
Expired AWS Credentials: The error messages api error ExpiredToken: The security token included in the request is expired suggest that the AWS credentials (like access key ID and secret access key) Terraform is using are expired. This is why it’s failing to retrieve account details and validate provider credentials.
IAM Role Assumption Issues: The error Cannot assume IAM Role along with ExpiredToken indicates that Terraform is trying to assume an IAM role with expired or invalid credentials, or the credentials don’t have permission to assume the role, or the role ARN is incorrect.
To resolve these issues, you’ll need to refresh your AWS credentials and ensure that the IAM role Terraform is attempting to assume is configured correctly with the necessary trust and permission policies.
Hello rtwolfe, thank you for your response. I don’t think it’s a permission issue, because I tried to change my user and I am getting the error again:
Error: reading ECS Cluster (arn:aws:ecs:us-east-1:732191791819:cluster/precision-production-reports-blue): InvalidParameterException: Identifier is for 732191791819. Your accountId is 971176872478
│
│ with module.production.module.ecs_reports.module.cluster.aws_ecs_cluster.this[0],
│ on .terraform/modules/production.ecs_reports/modules/cluster/main.tf line 14, in resource “aws_ecs_cluster” “this”:
│ 14: resource “aws_ecs_cluster” “this” {
│
╵
Operation failed: failed running terraform plan (exit 1)
And I never had this issue before. I was cleaning up my credentials in Terraform Cloud and don’t know what happened.
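Added example, not part of any post in this thread: a small triage script that reads `terraform plan` output and separates the two failure modes shown above, an expired STS session token versus credentials that belong to a different AWS account than the resources in state. The function names and the finding labels are assumptions made for this example.

```python
import re

# Constructed sample: lines excerpted from the two plan outputs posted in this
# thread, including Terraform's "│" gutter and its mid-sentence line wrapping.
SAMPLE = """\
│ IAM Role (arn:aws:iam::732191791819:role/tf_route53) cannot be assumed.
│
│ Error: operation error STS: AssumeRole, https response error StatusCode:
│ 403, RequestID: 33e4f560-37d6-49c4-b044-0cfed8838b6c, api error
│ ExpiredToken: The security token included in the request is expired
╵
Error: reading ECS Cluster (arn:aws:ecs:us-east-1:732191791819:cluster/precision-production-reports-blue): InvalidParameterException: Identifier is for 732191791819. Your accountId is 971176872478
"""

STS_ERR = re.compile(r"operation error STS: (\w+), https response error "
                     r"StatusCode: (\d+), RequestID: ([0-9a-f-]+), api error (\w+)")
MISMATCH = re.compile(r"Identifier is for (\d{12})\. Your accountId is (\d{12})")


def normalize(output):
    """Drop the box-drawing gutter and re-join wrapped lines into one string."""
    stripped = (re.sub(r"^[│╷╵\s]+", "", line) for line in output.splitlines())
    return " ".join(s for s in stripped if s)


def triage(output):
    """Return (kind, detail) findings for the two failure modes in the thread."""
    text = normalize(output)
    findings = []
    for op, _status, request_id, code in STS_ERR.findall(text):
        if code == "ExpiredToken":
            # Expired session token: an authentication failure, distinct
            # from an AccessDenied permissions error.
            findings.append(("expired_token", f"STS {op} request {request_id}"))
    for owner, caller in MISMATCH.findall(text):
        if owner != caller:
            # The credentials work, but they authenticate to another account
            # than the one that owns the resource recorded in state.
            findings.append(("wrong_account",
                             f"resource in {owner}, caller is {caller}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind}: {detail}")
```
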