boto responds: AWS was not able to validate the provided access credentials

Had a similar issue and decided to post it as an answer given that this may help others (coming here from Google):

Make sure the time on your machine is set correctly.

My machine's time was running just ~8 minutes ahead of the real time and this was causing 401 exactly as above.

If you are on Linux you can do the following to synchronize:

sudo ntpdate us.pool.ntp.org

Man oh man. There is a $HOME/.boto file that saves your old authentication values. Most of a day lost due to this !!

cat ~/.boto

[Credentials]
aws_access_key_id=MY*OLD*ACCESS*KEY 
aws_secret_access_key=MY*OLD_SECRET*ACCESS*KEY

For me the cause was different. I'm using temporary AWS credentials, that are comprised of AWS_ACCESS_KEY, AWS_SECRET_KEY and AWS_SESSION_TOKEN. After enabling boto debug boto.set_stream_logger('boto'), I've noticed that only AWS_ACCESS_KEY and AWS_SECRET_KEY were loaded from env, and AWS_SESSION_TOKEN wasn't. Inspection of the code seems to confirm this:

https://github.com/clari/clari_dynamo/blob/master/boto/boto/provider.py#L307

What worked for me, was passing the token explicitly, when setting up ec2 connection:

ec2.connect_to_region(region, security_token=os.environ.get('AWS_SESSION_TOKEN', None))