1

I am getting error while setup data source connection in redash with athena credential.

I have a valid access in athena where i can run query and fetch logs from S3. Now i want to integrate athena with redash, SO i am getting error "An error occurred (UnrecognizedClientException) when calling the StartQueryExecution operation: The security token included in the request is invalid."

Also please let me know if i am missing something here. i have full access in athena to my user.

Please find the attached image and help me out on this. enter image description here

enter image description here

Pankaj Aswal
  • 11
  • 4
  • 1
    Interestingly, sounds very similar to: [Python boto3 - Athena Query - start_query_execution - The security token included in the request is invalid](https://stackoverflow.com/q/63255603/174777) – John Rotenstein Aug 05 '20 at 09:46

1 Answers1

1

I can think of a couple of reasons for that error message:

  1. The credentials are invalid.
  2. You are using credentials generated with STS AssumeRole or GetSessionToken, and you are not including the session token in the authentication parameters (most UIs won't give you the option to input a session token though).
  3. Your IAM policy used requires an MFA token to be present, and you haven't provided one (I've never seen a UI that has an option for this).

I assume you've tested your credentials somehow and that the first reason can be ruled out.

I suspect that this UI does not work with anything but IAM user credentials – i.e. not temporary credentials, not role credentials, and nothing that has conditions for MFA, or IP ranges, or anything like that in the policy.

I suggest you start by using the same credentials to start a query execution with aws-cli. If you get the same error you know it's the IAM policy (or possibly that you're missing a session token), but if the API call succeeds, the issue is in how the UI does the API call.

Theo
  • 125,348
  • 20
  • 140
  • 181