I post a question to ask.openstack.org but got no answers yet, so I repost it here. https://ask.openstack.org/en/question/79509/heat-autoscaling-aws-authentication-failure-under-keystone-v3/ I'm using kilo codes and we wanna keystone v3 instead of keystone v2 in our product. So we change heat.conf and configure to use v3 as following: [keystone_authtoken] signing_dir = /var/cache/heat cafile = /opt/stack/data/ca-bundle.pem admin_tenant_name = service admin_password = Passw0rd admin_user = heat auth_uri = http://9.123.137.235:5000/v3 identity_uri = http://9.123.137.235:35357 auth_version = v3.0 [ec2authtoken] auth_uri = http://9.123.137.235:5000/v3 But when doing autoscale, I see errors in api-cfn.log: 2015-08-03 15:32:47.040 INFO heat.api.aws.ec2token [-] Checking AWS credentials..2015-08-03 15:32:47.040 INFO heat.api.aws.ec2token [-] AWS credentials found, checking against keystone.2015-08-03 15:32:47.041 INFO heat.api.aws.ec2token [-] Authenticating with http://9.123.137.235:5000/v3/ec2tokens2015-08-03 15:32:47.224 INFO heat.api.aws.ec2token [-] AWS authentication failure. But if auth_uri change to using v2, it can work. I google it and find some mails said that ec2tokens can work under v3. http://lists.openstack.org/pipermail/openstack-dev/2013-December/021765.html So I'm wanna know that if I missed any place to be configured and how to debug with ec2tokens? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150805/154c4be5/attachment.html>