How can I resolve the error "The security token included in the request is invalid" when running aws iam upload-server-certificate?

I cd into the directory where all the pem/key files are and run the following:

aws iam upload-server-certificate 
    --server-certificate-name certificate_name 
    --certificate-body file://webservercertificate.pem  
    --private-key file://server.key   
    --certificate-chain file://certificate_chain_file.pem 

I get the following error:

A client error (InvalidClientTokenId) occurred when calling the UploadServerCertificate operation: The security token included in the request is invalid.

I have 1 'user' in 'users'. That user has been assigned the following permissions:

IAMFullAccess IAMReadOnlyAccess IAMUserSSHKeys

I've downloaded the credentials for this user and put them into my user variables

AWS_ACCESS_KEY ****
AWS_SECRET_KEY ****

I have 1 role on my elastic beanstalk aws-elasticbeanstalk-ec2-role


If you're using the CLI with MFA, you have to set the session token in addition to setting the access and secret keys. Please refer to this article: https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/


Try to go to the security credentials on your account page: Click on your name in the top right corner -> My security credentials

Then generate access keys over there and use those access keys in your credentials file (aws configure)