{"id":1106,"hash":"7fcdad593c65ea0717456beecf457cf286ea87f5dab1bd34aaf9d4c60cd02a4a","pattern":"Boto3 error: The AWS Access Key Id you provided does not exist in our records","full_message":"I am currently trying to get access to Amazon S3 inside a virtual machine and download files like so:\n\ns3 = boto3.resource('s3',\n         aws_access_key_id=\"xxxxxxxxxxx\",\n         aws_secret_access_key=\"xxxxxxxxxxxxxxxxx\")\ns3client = boto3.client('s3')\n\nbucket = s3.Bucket('bucketone')\n\nfor obj in bucket.objects.all():\n    s3client.download_file(bucket_name, obj.key, filename)\n\nBut I’m getting the error:\n\n  botocore.exceptions.ClientError: An error occurred (InvalidAccessKeyId) when calling the ListObjects operation: The AWS Access Key Id you provided does not exist in our records.\n\nWhat could I be doing wrong? I checked my aws_access_key_id and aws_secret_access_key multiple times, but still getting the same error. The same code locally, but not on a virtual machine, actually works on a different computer as well.  There is a reason why I’m hardcoding in the keys, as I have to.","ecosystem":"pypi","package_name":"amazon-web-services","package_version":null,"solution":"Boto3 users BEWARE\n\nTL;DR\nIf you are using temporary credentials to connect to AWS services through Boto3, you MUST include a current aws_session_token as a parameter to your boto3.session.Session instance.\n\nimport os\n\nimport boto3\n\nsession = boto3.Session(\n    aws_access_key_id=os.environ[\"AWS_ACCESS_KEY_ID\"],\n    aws_secret_access_key=os.environ[\"AWS_SECRET_ACCESS_KEY\"],\n    aws_session_token=os.environ[\"AWS_SESSION_TOKEN\"],\n)\n\n# Test it on a service (yours may be different)\ns3 = session.resource('s3')\n\n# Print out bucket names\nfor bucket in s3.buckets.all():\n    print(bucket.name)\n\nExplanation\nThis is a crucial piece of information when you are testing credentials in Boto3:\nThe error you receive may say this,\n\nClientError: An error occurred (InvalidAccessKeyId) when calling the ListBuckets operation: The AWS Access Key Id you provided does not exist in our records.\n\nbut may mean you are missing an aws_session_token if you are using temporary credentials (in my case, role-based credentials).\n\nAccording to AWS documentation, these are the parameters available to a boto3.session.Session object, however, there is no indication or clarification when it comes to this behavior in Boto3:\n\nParameters\naws_access_key_id (string) -- AWS access key ID\naws_secret_access_key (string) -- AWS secret access key\naws_session_token (string) -- AWS temporary session token\nregion_name (string) -- Default region when creating new connections\nbotocore_session (botocore.session.Session) -- Use this Botocore session instead of creating a new default one.\nprofile_name (string) -- The name of a profile to use. If not given, then the default profile is used.\n\nRegarding the aws_session_token\n\nSpecifies an AWS session token used as part of the credentials to authenticate the user. A session token is required only if you manually specify temporary security credentials.\n\nResources\n\naws_session_token\nCommon scenarios for roles: Users, applications, and services\nBoto3 Credentials\nSession Reference","confidence":0.95,"source":"stackoverflow","source_url":"https://stackoverflow.com/questions/43907689/boto3-error-the-aws-access-key-id-you-provided-does-not-exist-in-our-records","votes":30,"created_at":"2026-04-19T04:52:20.957975+00:00","updated_at":"2026-04-19T04:52:20.957975+00:00"}