Which solutions will resolve this error?

By:
On:
In: SCS-C01
Tagged:
With: 0 Comments
A security engineer recently enabled the me-south-1 Region.The security engineer is now assuming an IAM role and is making an API call to an endpoint in me-south-1.The API call returns the following error: “AuthFailure: AWS was not able to validate the provided access credentials”.

Which solutions will resolve this error?

(Choose two.)

Add the iam:SetSecurityTokenServicePreferences action to the security engineer’s IAM role.

Use the AWS Security Token Service (AWS STS) endpoint in me-south-1 to obtain an STS token.

Use the AWS Security Token Service (AWS STS) endpoint in the us-east-1 Region to obtain an STS token.

Manually activate the AWS Security Token Service (AWS STS) endpoint in me-south-1.

Change the AWS Security Token Service (AWS STS) global endpoint to issue Region-compatible session tokens.

Explanations:

Theiam:SetSecurityTokenServicePreferencesaction is unrelated to resolving issues with AWS STS validation. It is used for configuring session token preferences, not for resolving credential validation errors.

The AWS Security Token Service (STS) endpoint must match the region where the API call is made. In this case, using the STS endpoint inme-south-1would resolve the issue by issuing a region-compatible session token.

Using the STS endpoint inus-east-1is not appropriate because the session token must be region-specific to ensure compatibility with API calls inme-south-1.

The AWS Security Token Service (STS) endpoint in any region is automatically available. There is no need to manually activate the STS endpoint forme-south-1.

Changing the global STS endpoint to issue region-compatible session tokens ensures that the credentials provided are valid for the specific region where the API call is made, such asme-south-1.

Leave a Reply

Your email address will not be published. Required fields are marked *

18 + 6 =