Jenkins Cloudformation plugin gives InValid Client Id error


The log shows that your issue is authentication-related:

Reason: Detailed Message: The security token included in the request is invalid.(Service: AmazonCloudFormation; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: be71618c-3027-11e9-8d00-45421bf87ce0)Status Code: 403Error Code: InvalidClientTokenId

The problem could be either a bug in the Jenkins plugin or (more likely) a problem with the keys you are providing to the plugin.

The source code for the plugin (code ref), meanwhile, appears to indicate that the plugin always tries to use the access keys you provide. If you leave the key fields blank I guess it tries empty strings as the keys. Thus, the IAM role attached to the instance is probably not relevant.

Note that the error you receive, InvalidClientTokenId, is documented here:

InvalidClientTokenId

The X.509 certificate or AWS access key ID provided does not exist in our records.

HTTP Status Code: 403

Now, you mention in your update that:

I am able to create a stack using aws cli in the same ec2 instance and with the same user.

So firstly, try that again, and then have a look in CloudTrail. Filter by EventName=CreateStack, and then you'll see something like this:

[Screenshot: CloudTrail event record for CreateStack]

Is it really the same user and Access Key?

I suspect you're going to find that it isn't, and the fix for you will be to provide correct Access Keys. If not, let me know and we can consider other possibilities.
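
The CloudTrail comparison suggested above can be scripted. This is an added example, not part of the original answer or the plugin's code: it reads output shaped like `aws cloudtrail lookup-events` filtered on CreateStack and reports whether the working CLI call used the same access key ID that Jenkins is configured with. The function names, the result labels and the sample record are constructed for illustration.

```python
import json

# Constructed sample, shaped like the output of:
#   aws cloudtrail lookup-events \
#     --lookup-attributes AttributeKey=EventName,AttributeValue=CreateStack
SAMPLE = json.dumps({"Events": [{
    "EventName": "CreateStack",
    "CloudTrailEvent": json.dumps({
        "eventName": "CreateStack",
        "userAgent": "aws-cli (constructed)",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/example-role/i-example",
            "accessKeyId": "ASIAEXAMPLEKEYID0001",
        },
    }),
}]})


def createstack_callers(lookup_output):
    """Return the identity behind each CreateStack call CloudTrail recorded."""
    callers = []
    for event in json.loads(lookup_output).get("Events", []):
        detail = json.loads(event["CloudTrailEvent"])  # nested JSON string
        if detail.get("eventName") != "CreateStack":
            continue
        ident = detail.get("userIdentity", {})
        callers.append({
            "type": ident.get("type"),
            "arn": ident.get("arn"),
            "access_key_id": ident.get("accessKeyId"),
            "user_agent": detail.get("userAgent"),
        })
    return callers


def compare_with_jenkins(caller, jenkins_key_id):
    """Classify how the working CLI call relates to the key given to Jenkins."""
    cli_key = caller["access_key_id"] or ""
    if cli_key == jenkins_key_id:
        return "same-key"
    if caller["type"] == "AssumedRole" or cli_key.startswith("ASIA"):
        # Temporary credentials: the CLI ran as a role (for example the
        # instance profile), not with an IAM user's long-term access key.
        return "cli-used-role-credentials"
    return "different-long-term-key"


if __name__ == "__main__":
    for c in createstack_callers(SAMPLE):
        print(c["arn"], compare_with_jenkins(c, "AKIAIOSFODNN7EXAMPLE"))
```

Compare access key IDs only; the secret key never appears in CloudTrail and does not need to be passed to the script.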