My company uses sub accounts under a master account to control access and track resources in AWS Gov Cloud. I am trying to get an account configured for the S3 File Reader that works in this configuration. Seems simple enough, I specify my access key and secret key and set the Cross Account IAM Role’s Role ARN field but the validation is failing:
Failed to validate account: The security token included in the request is invalid. (Service: AWSSecurityTokenService; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 4961a29f-a875-4c69-9665-e640610bc840) (Reason: No reason provided by the snap; Resolution: No resolution provided by the snap)
On my local machine, my ~/.aws/config file looks something like this:
[default] region = us-gov-west-1 [profile engineer] role_arn = arn:aws-us-gov:iam::############:role/Sandbox_Administrator source_profile = default region = us-gov-west-1
and my ~/.aws/credentials file looks something like this:
[default] aws_access_key_id = <redacted> aws_secret_access_key = <redacted>
When I run AWS CLI commands, I have to add “–profile engineer” to the command line but everything works properly.
Any clues as to what I need to do to make this work with the S3 File Reader?