The security token included in the request is invalid (Service: QuickSight, Status Code: 403

Getting a really odd error today:

The security token included in the request is invalid (Service: QuickSight, Status Code: 403, Request ID: e9f8ef8b-3bce-4f20-8aaa-80cfc0bfd69a)" (RequestToken: c3f70f5c-789b-81d9-e459-a2a256b5fc8d, HandlerErrorCode: GeneralServiceException)

Feels like some kind of internal outage in QS, the change we are deploying is so minor and inconsequential that it should not produce such an issue.

The auth token (STS) is valid, checked with get-caller-identity call, and it’s an AWS SSO login anyways, that I just did, so it cannot be invalid or old.

Here’s the change in the dashboard that is being deployed, as you can see just minor sizing tweaks.

The same CloudFormation stack was deployed successfully only yesterday.

@@ -1,6 +1,6 @@
 {
   "AWSTemplateFormatVersion": "2010-09-09",
-  "Description": "Generated by AWS QuickSight for 2070a674-ec0f-4bb6-81b0-b7b50ea583fa started at 2024-05-09 20:15:02 UTC",
+  "Description": "Generated by AWS QuickSight for 56f0b1af-8387-4960-a7bd-21ae0a959cab started at 2024-05-10 09:16:36 UTC",
   "Parameters": {
     "IdentityRegion": {
       "Default": "...region....",
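Review bot: The "Description" line carries an export id and a start timestamp, so it differs on every QuickSight export and turns each deployment into a template change even when no dashboard property moved. Consider a fixed description string, or drop this field before diffing, so that a review shows only the layout edits.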
@@ -14796,7 +14796,7 @@
                           },
                           "ElementId": "180dc423-d908-468c-8f8a-0a6d0d728f7f",
                           "ElementType": "TEXT_BOX",
-                          "Height": "64px",
+                          "Height": "80px",
                           "RenderingRules": [
                             {
                               "ConfigurationOverrides": {
@@ -14809,9 +14809,9 @@
                             "Visibility": "HIDDEN"
                           },
                           "Visibility": "HIDDEN",
-                          "Width": "272px",
-                          "XAxisLocation": "912px",
-                          "YAxisLocation": "352px"
+                          "Width": "528px",
+                          "XAxisLocation": "752px",
+                          "YAxisLocation": "336px"
                         },
                         {
                           "BackgroundStyle": {
@@ -15628,7 +15628,7 @@
                                   "DataSetIdentifier": "foo.csv"
                                 },
                                 "FieldId": "c85206b9-bc1a-4399-89d9-957485e24392.3.1714658390827",
-                                "HierarchyId": "9b62fe86-7ede-4e27-b0f1-8afe07d7b6a1"
+                                "HierarchyId": "12cb631d-38e6-4586-9ddf-a4e777b96446"
                               }
                             }
                           ],
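Review bot: The "HierarchyId" on the changed line goes from 9b62fe86-7ede-4e27-b0f1-8afe07d7b6a1 to 12cb631d-38e6-4586-9ddf-a4e777b96446 while the "FieldId" above it stays the same, which is an identifier change rather than a sizing tweak. Call it out separately from the Height/Width edits in the change description, since it alters a reference and not layout.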
@@ -15781,7 +15781,7 @@
                           ],
                           "DrillDownFilters": [
                           ],
-                          "HierarchyId": "9b62fe86-7ede-4e27-b0f1-8afe07d7b6a1"
+                          "HierarchyId": "12cb631d-38e6-4586-9ddf-a4e777b96446"
                         }
                       }
                     ],
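Review bot: The second "HierarchyId" reference, below "DrillDownFilters", is updated to the same new value as the earlier one, but the place where that hierarchy is defined is not in the visible hunks. Confirm the definition also carries 12cb631d-38e6-4586-9ddf-a4e777b96446, so that no reference is left pointing at the old id.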

Hey @m0ltar !

Are you using the same account/credentials to deploy as you did when the deployment worked?

Yes I’ve used the exact same credentials.

I am still getting the same error.

By the way, the credentials question also does not make sense. I am able to use these same credentials to issue a CloudFormation deployment, which is all in the same AWS account. If my credentials were invalid, I’d be unable to do a CF deployment. However, the deployment works; other (non-QS) resources get updated, and only the Dashboard resource fails with the error above.

This is very frustrating. We opened a support request with AWS on Friday and have yet to receive an update or acknowledgement of the issue.

At this point, I am pretty confident this is an AWS bug because I can’t even delete the CloudFormation stack from the AWS console UI. I am getting a different error.

Unable to execute HTTP request: Read timed out" (RequestToken: cb95479f-7d48-5db4-3ddd-0102f0474401, HandlerErrorCode: InternalFailure

I’d be surprised if this is an isolated bug that only affects our stack somehow. The error seems to be passed from the service itself.

EDIT: Was able to delete the stack after a second attempt.

I was able to delete the stack and deploy it again. Luckily it had only stateless resources (theme, dashboard).

But any minor change will result in the same error again.

My last test simply had this tiny change just for the purpose of testing the deployment:

@@ -4482,7 +4482,7 @@
                           },
                           "Visibility": "VISIBLE",
                           "Width": "848px",
-                          "XAxisLocation": "352px",
+                          "XAxisLocation": "353px",
                           "YAxisLocation": "0px"
                         },
                         {

And it fails with the same error as before:

Resource handler returned message: “The security token included in the request is invalid (Service: QuickSight, Status Code: 403, Request ID: acb95ce3-569d-47ab-8a5a-44dfad8e8478)” (RequestToken: 5724c422-b7de-1fec-f81e-7f4ab0f77064, HandlerErrorCode: GeneralServiceException)