AWS InvalidClientTokenId Errors / Error: Skipping disabled region..

Hi
I'm seeing the errors
Error: Skipping disabled region eu-west-2... (for any region)
and
/var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call': The security token included in the request is invalid. (Aws::IAM::Errors::InvalidClientTokenId)
(entire output below)

1. Where/how can I enable/disable regions?
2. Regarding InvalidClientTokenId: I'm running the script two IAM users (one in the root/Cloudtrain account, one in the Lamba/"to bes scanned" account). Both IAM users have AdministratorAccess.

my .aws/credentials file looks like this:

[account_to_be_scanned]
aws_access_key_id = *****to-be-scanned-account***
aws_secret_access_key = ******to-be-scanned-account***
region = eu-west-1

[root_account]
aws_access_key_id = ******root-account***
aws_secret_access_key = ******root-account***
region = eu-west-1

I'm exporting these variables:
```
export REGION=eu-west-1
export CSV_PATH="myexport.csv"
export BUCKET=my-cloudtrail-bucket
export BUCKET_REGION=eu-west-1
export SCAN_PROFILE=account_to_be_scanned
export LAMBDA_PROFILE=root_account
export LAMBDA_REGION=eu-west-1
export ACCESS_KEY_ID="*****to-be-scanned-account***"
export SECRET_ACCESS_KEY="******to-be-scanned-account***"
```

then invoking the script:

```
./retro_tag.rb \
  --csv "$CSV_PATH" \
  --bucket $BUCKET \
  --bucket-region $BUCKET_REGION \
  --scan-profile "$SCAN_PROFILE" \
  --lambda-profile "$LAMBDA_PROFILE" \
  --lambda-region $LAMBDA_REGION \
  --scan-access-key-id=ACCESS_KEY_ID \
  --scan-secret-access-key=SECRET_ACCESS_KEY
```

(note: without the last two options, its not running at all)

Here the entire output:

Importing from /home/it-services/RetroTag/retro-tag/myexport.csv (1.42 MiB)...completed in 0 seconds.
The AwsResource::VpnGateway.get_resources cache file is too old, scanning aws...
The AwsResource::VpnConnection.get_resources cache file is too old, scanning aws...
The AwsResource::VpcSubnet.get_resources cache file is too old, scanning aws...
The AwsResource::VpcRouteTable.get_resources cache file is too old, scanning aws...
The AwsResource::VpcPeering.get_resources cache file is too old, scanning aws...
The AwsResource::VpcNetworkAcl.get_resources cache file is too old, scanning aws...
The AwsResource::VpcNatGateway.get_resources cache file is too old, scanning aws...
The AwsResource::VpcInternetGateway.get_resources cache file is too old, scanning aws...
The AwsResource::VpcEni.get_resources cache file is too old, scanning aws...
The AwsResource::Vpc.get_resources cache file is too old, scanning aws...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region af-south-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-east-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-1...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-2...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-northeast-3...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-south-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-1...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ap-southeast-2...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region ca-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-central-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-north-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-south-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-1...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-2...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region eu-west-3...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region me-south-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region sa-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-1...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-east-2...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-1...
Error: Skipping disabled region us-west-2...
Total AwsResource::VpcSubnet.get_resources: 0
The AwsResource::SecurityGroup.get_resources cache file is too old, scanning aws...
Error: Skipping disabled region us-west-2...
Total AwsResource::VpcInternetGateway.get_resources: 0
The AwsResource::S3Bucket.get_resources cache file is too old, scanning aws...
Error: Skipping disabled region us-west-2...
Total AwsResource::VpnGateway.get_resources: 0
Error: Skipping disabled region us-west-2...
Total AwsResource::VpcRouteTable.get_resources: 0
Error: Skipping disabled region us-west-2...
Total AwsResource::VpnConnection.get_resources: 0
The AwsResource::LambdaFunction.get_resources cache file is too old, scanning aws...
The AwsResource::OpsWorks.get_resources cache file is too old, scanning aws...
Error: Skipping disabled region us-west-2...
Total AwsResource::VpcEni.get_resources: 0
The AwsResource::IamRole.get_resources cache file is too old, scanning aws...
The AwsResource::Rds.get_resources cache file is too old, scanning aws...
Error: Skipping disabled region us-west-2...
Total AwsResource::VpcNetworkAcl.get_resources: 0
The AwsResource::IamUser.get_resources cache file is too old, scanning aws...
Error: Skipping disabled region us-west-2...
Total AwsResource::VpcNatGateway.get_resources: 0
Error: Skipping disabled region us-west-2...
Total AwsResource::Vpc.get_resources: 0
The AwsResource::ElasticLoadBalancingV2.get_resources cache file is too old, scanning aws...
The AwsResource::ElasticMapReduce.get_resources cache file is too old, scanning aws...
Error: Skipping disabled region us-west-2...
Total AwsResource::VpcPeering.get_resources: 0
The AwsResource::ElasticLoadBalancing.get_resources cache file is too old, scanning aws...
Error: Skipping disabled region us-east-1...
Total AwsResource::S3Bucket.get_resources: 0
The AwsResource::Eip.get_resources cache file is too old, scanning aws...
#<Thread:0x000055ea66c9c358 ./retro_tag.rb:162 run> terminated with exception (report_on_exception is true):
Traceback (most recent call last):
        13: from ./retro_tag.rb:168:in \`block (2 levels) in <main>'
        12: from /home/it-services/RetroTag/retro-tag/auto_tag/aws_mixin.rb:19:in \`write_cache_file'
        11: from /home/it-services/RetroTag/retro-tag/aws_resource/default.rb:55:in \`get_resources'
        10: from /home/it-services/RetroTag/retro-tag/aws_resource/default.rb:55:in \`each'
         9: from /home/it-services/RetroTag/retro-tag/aws_resource/default.rb:61:in \`block in get_resources'
         8: from /var/lib/gems/2.7.0/gems/aws-sdk-iam-1.56.0/lib/aws-sdk-iam/client.rb:8226:in \`list_roles'
         7: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/request.rb:72:in \`send_request'
         6: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/response_target.rb:24:in \`call'
         5: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/response_paging.rb:12:in \`call'
         4: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/request_callback.rb:71:in \`call'
         3: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/param_converter.rb:26:in \`call'
         2: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in \`call'
         1: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:22:in \`call'
/var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/raise_response_errors.rb:17:in \`call': The security token included in the request is invalid. (Aws::IAM::Errors::InvalidClientTokenId)
#<Thread:0x000055ea66c9c038 ./retro_tag.rb:162 run> terminated with exception (report_on_exception is true):
Traceback (most recent call last):
        13: from ./retro_tag.rb:168:in \`block (2 levels) in <main>'
        12: from /home/it-services/RetroTag/retro-tag/auto_tag/aws_mixin.rb:19:in \`write_cache_file'
        11: from /home/it-services/RetroTag/retro-tag/aws_resource/default.rb:55:in \`get_resources'
        10: from /home/it-services/RetroTag/retro-tag/aws_resource/default.rb:55:in \`each'
         9: from /home/it-services/RetroTag/retro-tag/aws_resource/default.rb:61:in \`block in get_resources'
         8: from /var/lib/gems/2.7.0/gems/aws-sdk-iam-1.56.0/lib/aws-sdk-iam/client.rb:9044:in \`list_users'
         7: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/request.rb:72:in \`send_request'
         6: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/response_target.rb:24:in \`call'
         5: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/response_paging.rb:12:in \`call'
         4: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/request_callback.rb:71:in \`call'
         3: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/param_converter.rb:26:in \`call'
         2: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in \`call'
         1: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:22:in \`call'
/var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/raise_response_errors.rb:17:in \`call': The security token included in the request is invalid. (Aws::IAM::Errors::InvalidClientTokenId)
Traceback (most recent call last):
        13: from ./retro_tag.rb:168:in \`block (2 levels) in <main>'
        12: from /home/it-services/RetroTag/retro-tag/auto_tag/aws_mixin.rb:19:in \`write_cache_file'
        11: from /home/it-services/RetroTag/retro-tag/aws_resource/default.rb:55:in \`get_resources'
        10: from /home/it-services/RetroTag/retro-tag/aws_resource/default.rb:55:in \`each'
         9: from /home/it-services/RetroTag/retro-tag/aws_resource/default.rb:61:in \`block in get_resources'
         8: from /var/lib/gems/2.7.0/gems/aws-sdk-iam-1.56.0/lib/aws-sdk-iam/client.rb:8226:in \`list_roles'
         7: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/request.rb:72:in \`send_request'
         6: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/response_target.rb:24:in \`call'
         5: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/response_paging.rb:12:in \`call'
         4: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/request_callback.rb:71:in \`call'
         3: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/param_converter.rb:26:in \`call'
         2: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in \`call'
         1: from /var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:22:in \`call'
/var/lib/gems/2.7.0/gems/aws-sdk-core-3.117.0/lib/seahorse/client/plugins/raise_response_errors.rb:17:in \`call': The security token included in the request is invalid. (Aws::IAM::Errors::InvalidClientTokenId)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

AWS InvalidClientTokenId Errors / Error: Skipping disabled region.. #10

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

AWS InvalidClientTokenId Errors / Error: Skipping disabled region.. #10

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions