fix: handle cdk error mapping for more generic invalid credentials (#2279)

Author: Amplifiyer

.changeset/fair-ghosts-wave.md

@@ -0,0 +1,5 @@
+---
+'@aws-amplify/backend-deployer': patch
+---
+
+handle cdk error mapping for more generic invalid credentials

packages/backend-deployer/src/cdk_error_mapper.test.ts

@@ -31,6 +31,15 @@ const testErrorMappings = [
     expectedDownstreamErrorMessage:
       'Error: The security token included in the request is expired',
   },
+  {
+    errorMessage:
+      'InvalidClientTokenId: The security token included in the request is invalid',
+    expectedTopLevelErrorMessage:
+      'The security token included in the request is invalid.',
+    errorName: 'ExpiredTokenError',
+    expectedDownstreamErrorMessage:
+      'InvalidClientTokenId: The security token included in the request is invalid',
+  },
   {
     errorMessage: 'Access Denied',
     expectedTopLevelErrorMessage:

packages/backend-deployer/src/cdk_error_mapper.ts

@@ -99,7 +99,7 @@ export class CdkErrorMapper {
   }> => [
     {
       errorRegex:
-        /ExpiredToken|Error: The security token included in the request is expired/,
+        /ExpiredToken|(Error|InvalidClientTokenId): The security token included in the request is (expired|invalid)/,
       humanReadableErrorMessage:
         'The security token included in the request is invalid.',
       resolutionMessage: