aws-vault terraform IAM resources issue

Can be worked around by using access key/secret key directly for an IAM user
...
In my case I am having this issue when my credentials are supplied by aws-vault and only when I am using Terraform to create IAM resources. All other resources provision without issues, but IAM resources fail with InvalidClientTokenId: The security token included in the request is invalid.

InvalidClientTokenId: The security token included in the request is invalid · Issue #13844 · hashicorp/terraform-provider-aws · GitHub

Creating IAM resources fails with the aws-vault + terraform combination. Updating to Terraform v1.3.9 does not resolve it.
workaround → use /.aws/credentials (config) directly

Error: creating IAM User (foo-user): InvalidClientTokenId: The security token included in the request is invalid

To give more context here, for people who might stumble upon this issue.

The actual issue was using Temporary Security Credentials without MFA enabled. AWS restricts accessing IAM in this case. This could have been a lot more clear from the error message, but that is again not this provider's fault, it's the AWS client's fault AFAIK.

InvalidClientTokenId: The security token included in the request is invalid · Issue #23617 · hashicorp/terraform-provider-aws · GitHub 2022
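
A preflight check for the situation described in the comment above, added here as an example and not taken from either issue thread. The function names `classify_aws_creds` and `iam_preflight` are hypothetical, and the sample key IDs and ARNs are constructed; the check relies on the AWS conventions that long-term access keys begin with `AKIA`, temporary ones with `ASIA`, and that a GetSessionToken session still reports the IAM user ARN as its identity.

```shell
#!/bin/sh
# classify_aws_creds KEY_ID CALLER_ARN
# Prints: long-term | role-session | user-session | unknown
classify_aws_creds() {
    key_id=$1
    arn=$2
    case $key_id in
        AKIA*) echo long-term ;;                 # IAM user access key
        ASIA*)                                   # temporary STS credentials
            case $arn in
                arn:aws*:sts::*:assumed-role/*) echo role-session ;;
                arn:aws*:iam::*:user/*)         echo user-session ;;
                *)                              echo unknown ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# iam_preflight KEY_ID CALLER_ARN
# Returns 0 when IAM calls are not restricted by the credential type,
# 1 for a temporary user session (IAM API needs an MFA-backed session),
# 2 when the credentials cannot be classified.
iam_preflight() {
    kind=$(classify_aws_creds "$1" "$2")
    case $kind in
        user-session)
            echo "temporary user session: IAM API calls fail unless the session was created with MFA" >&2
            return 1 ;;
        unknown)
            echo "could not classify credentials" >&2
            return 2 ;;
        *)  return 0 ;;
    esac
}

# Live use inside an aws-vault shell, before terraform touches IAM resources:
#   iam_preflight "$AWS_ACCESS_KEY_ID" \
#       "$(aws sts get-caller-identity --query Arn --output text)"

# Constructed sample: a session token issued for IAM user foo-user.
iam_preflight ASIAEXAMPLEKEY arn:aws:iam::123456789012:user/foo-user \
    || echo "preflight exit status: $?"
```

The check cannot tell whether a user session was MFA-authenticated, so exit status 1 means "confirm MFA was used", not "will certainly fail".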