AWS noob here. I am unable to find where in the management console we can see the access token. I have access to the secret key and the access key, but apparently API access to AWS requires an access token as well, which I am unable to find anywhere on the portal.
Additional Information: What I am looking for is a way to create and destroy tokens via the management console provided by AWS. I am actually learning about the Terraform AWS provider, which requires an access key, secret key and the token.
Scraping the internet for answers, it becomes clear that one can create and destroy these tokens using the SDK. I am looking for an easy and quick way to create this token via the management console itself. Is that even possible?
Accessing the AWS resource without a token gives me the following error:
aws_instance.sl-ec2-01: Creating...
╷
│ Error: creating EC2 Instance: InvalidAMIID.NotFound: The image id '[ami-07ffb2f4d65357b42]' does not exist
│ status code: 400, request id: 53057722-210e-46fa-89e3-2484f35ab263
│
│ with aws_instance.sl-ec2-01,
│ on ec2-instance.tf line 1, in resource "aws_instance" "sl-ec2-01":
│ 1: resource "aws_instance" "sl-ec2-01" {
This is the exact AMI that I retrieved from the portal. My Terraform code snippet for provisioning a new VM in the ap-south-1 region:
resource "aws_instance" "sl-ec2-01" {
  instance_type = "t2.micro"
  ami           = "ami-07ffb2f4d65357b42"
}
Update 2: It turns out I had not changed the region information which is why the AMI was not matching. It has now spun an image correctly.
CodePudding user response:
An IAM User only has an Access Key and a Secret Key.
However, if you create temporary credentials using the AWS Security Token Service (STS), then a token is also provided.
For example, if you use your IAM User credentials to call AssumeRole() to gain privileges from an IAM Role, then you will be given:
- Access Key
- Secret Key
- Access Token
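As an added example, not part of the answer above and not AWS or Terraform code: a Python script that takes JSON shaped like the output of `aws sts assume-role` and builds the environment variables read by the AWS CLI, SDKs and the Terraform AWS provider, including the token (called `SessionToken` in STS output) only for temporary credentials. The sample JSON and its key values are constructed, and the function names are hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `aws sts assume-role` JSON output; all values are fake.
SAMPLE_STS_OUTPUT = """
{
  "Credentials": {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-key-not-real",
    "SessionToken": "constructed-session-token-not-real",
    "Expiration": "2030-01-01T12:00:00+00:00"
  }
}
"""

def token_required(access_key_id):
    """Long-term IAM user keys start with AKIA and take no token;
    temporary STS keys start with ASIA and are rejected without one."""
    prefix = access_key_id[:4]
    if prefix == "AKIA":
        return False
    if prefix == "ASIA":
        return True
    raise ValueError(f"unrecognised access key prefix: {prefix!r}")

def sts_to_env(sts_json, now=None):
    """Map STS output to the standard AWS credential environment variables.
    Refuses credentials whose Expiration has already passed."""
    creds = json.loads(sts_json)["Credentials"]
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    now = now or datetime.now(timezone.utc)
    if expires <= now:
        raise ValueError(f"temporary credentials expired at {expires.isoformat()}")
    env = {
        "AWS_ACCESS_KEY_ID": creds["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"],
    }
    if token_required(creds["AccessKeyId"]):
        env["AWS_SESSION_TOKEN"] = creds["SessionToken"]
    return env

if __name__ == "__main__":
    for name in sts_to_env(SAMPLE_STS_OUTPUT):
        print(f"export {name}=<redacted>")  # print names only, never secret values
```

With an IAM user's long-term `AKIA...` key pair, only the first two variables are set and no token is needed.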
CodePudding user response:
Apparently, the AMI (machine image) corresponding to a particular OS flavor changes from region to region. While I had changed my region, I hadn't changed the AMI. Which is what I was erring with.
Upon changing the AMI for the OS to the one for my new region, it worked.