Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to test credentials for AWS Command Line Tools

Tags:

amazon-web-services

aws-cli

People also ask

How do I verify AWS CLI credentials?

To validate a user's credentials with the AWS CLI, run the sts get-caller-identity command. The command returns details about the user's credentials if they are valid, otherwise it throws an error.

How do I know if my AWS Access Key is working?

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ . In the navigation pane, choose Users. Choose the name of the intended user, and then choose the Security credentials tab. The user's access keys and the status of each key is displayed.

How do you check if AWS CLI is configured or not?

Use the describe-configuration-recorder-status command to check that the AWS Config has started recording the configurations of the supported AWS resources existing in your account. The recorded configurations are delivered to the specified delivery channel.

Use GetCallerIdentity:
aws sts get-caller-identity

Unlike other API/CLI calls it will always work, regardless of your IAM permissions.

You will get output in the following format:

{
    "Account": "123456789012", 
    "UserId": "AR#####:#####", 
    "Arn": "arn:aws:sts::123456789012:assumed-role/role-name/role-session-name"
}

Exact ARN format will depend on the type of credentials, but often includes the name of the (human) user.

It uses the standard AWS CLI error codes giving 0 on success and 255 if you have no credentials.


There is a straightforward way - aws iam get-user would tell the details about who you are (the current IAM User) - provided the user has iam privileges.

There are couple of CLI calls which support --dry-run flag like aws ec2 run-instances which you tell you whether you have necessary config / cred to perform the operation.

There is also --auth-dry-run which Checks whether you have the required permissions for the command, without actually running the command. If you have the required permissions, the command returns DryRunOperation; otherwise, it returns UnauthorizedOperation. [ From AWS Documentation - Common Options ]

You would be able to list the IAM Access Keys from Management Console which you can cross check to see who has been assigned which key.

The best way to understand which user / role has what privileges is make use of IAM Policy Simulator.

Related questions

Opening port 80 EC2 Amazon web services [closed]
Unable to verify secret hash for client in Amazon Cognito Userpools
How to see all running Amazon EC2 instances across all regions?
What is the difference between Amazon ECS and Amazon EC2?
Amazon S3 direct file upload from client browser - private key disclosure
How do I get AWS_ACCESS_KEY_ID for Amazon?
Amazon S3 - HTTPS/SSL - Is it possible? [closed]
How do you search an amazon s3 bucket?
AccessDenied for ListObjects for S3 bucket when permissions are s3:*
DynamoDB vs MongoDB NoSQL [closed]
S3 Bucket action doesn't apply to any resources
How to choose an AWS profile when using boto3 to connect to CloudFront
Why should I use Amazon Kinesis and not SNS-SQS?
How to rename AWS S3 Bucket name
AWS Error Message: A conflicting conditional operation is currently in progress against this resource
How can I tell how many objects I've stored in an S3 bucket?
How to load npm modules in AWS Lambda?
How to make all Objects in AWS S3 bucket public by default?
Amazon SimpleDB vs Amazon DynamoDB
WARNING: UNPROTECTED PRIVATE KEY FILE! when trying to SSH into Amazon EC2 Instance

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!