
Signature Does not Match

Open phortonssf opened this issue 4 years ago • 2 comments

  • [x] I am using the latest release of AWS Vault

  • [x] I have provided my .aws/config (redacted if necessary)

```ini
[profile galley]
mfa_serial = arn:aws:iam::xxxxxxxxx:mfa/phorton

[profile galley-dev]
source_profile = galley
role_arn = arn:aws:iam::xxxxxxx:role/gDEVOPS
mfa_serial = arn:aws:iam::xxxxxxxx:mfa/phorton

[profile galley-testing]
source_profile = galley
role_arn = arn:aws:iam::xxxxxxx:role/gDEVOPS

[profile galley-prod]
source_profile = galley
role_arn = arn:aws:iam::xxxxxxxx:role/gDEVOPS

[profile galley-staging]
source_profile = galley
role_arn = arn:aws:iam::xxxxxxxxx:role/gDEVOPS

[profile galley-load]
source_profile = galley
role_arn = arn:aws:iam::xxxxxxxxxx:role/gDEVOPS
```

  • [x] I have provided the debug output using aws-vault --debug (redacted if necessary)

```
aws-vault exec galley --backend=pass --debug -- aws s3 ls
2022/01/06 22:44:36 aws-vault v6.3.1
2022/01/06 22:44:36 Loading config file /home/digitaldive/.aws/config
2022/01/06 22:44:36 Parsing config file /home/digitaldive/.aws/config
2022/01/06 22:44:36 [keyring] Considering backends: [pass]
2022/01/06 22:44:36 profile galley: using stored credentials
2022/01/06 22:44:36 profile galley: using GetSessionToken (with MFA)
Enter token for arn:aws:iam::xxxxxxxxxx:mfa/phorton: 918516
2022/01/06 22:45:04 Using STS endpoint https://sts.amazonaws.com
2022/01/06 22:45:04 Looking up keyring for 'galley'
aws-vault: error: exec: Failed to get credentials for galley: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
	status code: 403, request id:xxxxxxxxx
```

I am running Ubuntu 20.04 on WSL 2. The AWS CLI works fine with the current credentials. Any help would be great, thank you.

phortonssf • Jan 07 '22 06:01

Can someone comment on how to debug this further? If the AWS CLI works (authorized correctly), then how can we identify further what isn't authorizing correctly with AWS Vault? Are there more verbose logs we can provide to identify at a lower level where this might be failing?

evbo • Jul 14 '22 16:07

@phortonssf, out of curiosity, did you manually create your secret key or did you let AWS create it? The reason I ask is because at first I used a key generator to create mine, which included backslashes and other symbols that were legal for AWS but might not be supported by AWS Vault?

I recreated my access token and let AWS generate the key. Sure enough, it's all alphanumeric characters, and then AWS Vault worked fine.

evbo • Jul 14 '22 16:07
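Added example, not part of the thread and not aws-vault's code: a sketch of AWS Signature Version 4 showing why any change to the secret key between issuance and retrieval from a credential store surfaces as `SignatureDoesNotMatch`, plus a fingerprint for comparing two copies of a key without printing them. The key, string to sign and the listed alterations are constructed assumptions; nothing here establishes that aws-vault or `pass` performs any of them.

```python
import hashlib
import hmac


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def sigv4_signature(secret: str, date: str, region: str, service: str,
                    string_to_sign: str) -> str:
    """AWS Signature Version 4: derive the signing key, then sign."""
    key = _hmac(("AWS4" + secret).encode("utf-8"), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return _hmac(key, string_to_sign).hex()


def fingerprint(secret: str) -> str:
    """Length plus truncated SHA-256: comparable without revealing the key."""
    digest = hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]
    return f"len={len(secret)} sha256={digest}"


# Constructed values, not taken from the issue.
ISSUED = r"EXAMPLE\nKEY+constructed/for\tthis+demo0"
DATE, REGION, SERVICE = "20220106", "us-east-1", "sts"
STRING_TO_SIGN = "\n".join([
    "AWS4-HMAC-SHA256",
    "20220106T224504Z",
    f"{DATE}/{REGION}/{SERVICE}/aws4_request",
    hashlib.sha256(b"constructed canonical request").hexdigest(),
])

# Hypothetical ways a store/retrieve round trip could alter the key.
RETRIEVED = {
    "intact": ISSUED,
    "escapes interpreted": ISSUED.replace(r"\n", "\n").replace(r"\t", "\t"),
    "backslashes dropped": ISSUED.replace("\\", ""),
    "trailing newline": ISSUED + "\n",
}


def check(retrieved: str) -> bool:
    """True if the service, signing with ISSUED, would accept the request."""
    expected = sigv4_signature(ISSUED, DATE, REGION, SERVICE, STRING_TO_SIGN)
    provided = sigv4_signature(retrieved, DATE, REGION, SERVICE, STRING_TO_SIGN)
    return hmac.compare_digest(expected, provided)


if __name__ == "__main__":
    for label, secret in RETRIEVED.items():
        verdict = "ok" if check(secret) else "SignatureDoesNotMatch"
        print(f"{label:20} {fingerprint(secret):32} {verdict}")
```

Running `fingerprint` on the key the working AWS CLI uses and on the key the keyring backend returns shows whether the two copies differ without exposing either in logs.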

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

github-actions[bot] • Feb 21 '23 10:02