Friday, May 22, 2015

A client error (AuthFailure) occurred: AWS was not able to validate the provided access credentials

Problem

Amazon Web Services (AWS) offers both the web-based management console as well a command line interface (CLI). The other day we were use the CLI on an EC2 instance running Red Hat Enterprise Linux Server release 6.4 operating system. But even after installing and configuring the CLI using the AWS CLI user guide, every CLI command was failing with the "A client error (AuthFailure) occurred..." error. For example, the basic command "aws ec2 describe-instances --region us-west-2" failed with the below error.

A client error (AuthFailure) occurred when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials.

Solution

The date command returned an incorrect time. Whereas the actual time is Fri May 22 23:33:18 EDT 2015, it returned Sat May 23 03:33:18 EDT 2015.  We then found that the NTP daemon was not running (Network Time Protocol). Once we started the ntpd deamon, the "aws ec2 describe-instances --region us-west-2" worked and returned the expected output in the AWS CLI default JSON format. We followed the AWS user guide on how to start the ntpd deamon successfully.


1. ntpstat
Unable to talk to NTP daemon. Is it running?

2. sudo service ntpd start
Starting ntpd:                                             [  OK  ]

3. sudo chkconfig ntpd on

4. ntpstat
unsynchronised
   polling server every 64 s

5. date

The date command then returned the correct time.

6. aws ec2 describe-instances --region us-west-2

Finally, the aws ec2 command above returned the output successfully.

No comments: