AWS Invalid Credentials Issue — Time Sync Resolution
AWS Invalid Credentials Issue — Time Sync Resolution
🧩 Problem Overview
While using AWS CLI, you might sometimes face the following error even when your credentials are correct: An error occurred (AuthFailure) when calling the DescribeVolumes operation: AWS was not able to validate the provided access credentials Example: aws ec2 describe-volumes –profile mycred
This error can be deceptive — it’s not always about wrong keys or permissions. In many cases, it’s caused by a time synchronization issue between your local VM and AWS servers.
🕒 Why This Happens
AWS uses timestamp-based request signing. If your system time is out of sync by more than a few minutes, the signature becomes invalid — leading to credential validation errors.
To check your system’s current time sync status, run:
timedatectl
If you notice: Reference ID: 00000000 ()
…it means no external NTP (Network Time Protocol) server is configured — your VM is using its own clock, which can drift over time.
🧠 Quick Recap: What is NTP?
NTP (Network Time Protocol) is a protocol that synchronizes computer clocks over a network. It ensures all systems — including your VM and AWS — agree on the same time. Accurate time sync is critical for authentication, logging, and request signing.
🧰 Resolution Steps
Check your chrony configuration file: cat /etc/chrony.conf
You’ll typically see lines like: pool 2.rhel.pool.ntp.org iburst
✅ Ensure the pool is reachable and valid for your environment.
Verify NTP connectivity: chronyc sources -v
If you see stratum values like 2, 3, 4, your sync is healthy. If all show 0, it indicates a problem with NTP connectivity.
(Recommended) Use Amazon’s own NTP service Within an AWS VPC, you can use the Amazon Time Sync Service (ATSS), accessible without internet access.
Update your /etc/chrony.conf as follows:
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
Once your time synchronization is fixed, AWS CLI commands should work seamlessly:
aws ec2 describe-volumes –profile mycred
This should resolve “AWS was not able to validate the provided access credentials” errors!
If you have any queries, you can reach out to me at below email id.
Author: Saurabh — CloudOps & DevOps Engineer
📧 Contact: hello.saurabhoncloud@gmail.com