New IAM admin user sees "You are not authorized to perform this operation"

I am trying to get started with the AWS CLI on OSX. I installed aws via pip. I have created a new user in IAM and attached the pre-built AdministratorAccess AWS managed policy. Next I copied the Access Key ID and the Secret Access Key that were generated.

The user I created is not in any groups. Their policy looks like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

Next, I ran aws configure from the command line, and entered the access key and secret key that I copied, plus a region code of eu-west-1 (which seems unlikely to be relevant since IAM users are global), and an output format of text.

Then I have tried running a simple test command to set up a new group:

$  aws ec2 create-security-group --group-name my-sg --description "My security group" --debug

However, this fails with the following error:

A client error (UnauthorizedOperation) occurred when calling the CreateSecurityGroup operation: You are not authorized to perform this operation.

Other commands fail in the same way.

My only theory is that it's a copy and paste error in the keys, but I've tried doing the whole process above twice and failed in the same way both times. What am I doing wrong? Is there a way I can debug which part of the process is failing?

Richard asked Jan 12 '17 19:01


2 Answers

Your AWS CLI is getting credentials from somewhere else. See Configuration Settings and Precedence

Make sure it is not getting the credentials from environment variables or from other locations. The AWS CLI looks for credentials and configuration settings in the following order:

  • Command Line Options – region, output format and profile can be specified as command options to override default settings.
  • Environment Variables – AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc.
  • The AWS credentials file – located at ~/.aws/credentials on Linux, OS X, or Unix, or at C:\Users\USERNAME\.aws\credentials on Windows. This file can contain multiple named profiles in addition to a default profile.
  • The CLI configuration file – typically located at ~/.aws/config on Linux, OS X, or Unix, or at C:\Users\USERNAME\.aws\config on Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each.
  • Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered through the Amazon EC2 metadata service.
helloV answered Nov 10 '22 13:11
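To see which of the sources in that list actually won, the two real checks are `aws configure list` (its Type column says whether each value came from env, shared-credentials-file, config-file, and so on) and `aws sts get-caller-identity` (which prints the ARN of the principal the CLI is really signing as, so a stale key for some other user shows up immediately). The `--debug` flag the question already uses also logs which credential provider supplied the keys. The script below is an added example, not code from the original answer or from AWS: it models the static-key part of the precedence list offline so you can see the resolution order on constructed files without a network call. Assumptions: `CRED_FILE` and `CONFIG_FILE` are hypothetical overrides for the two file paths, instance-profile, SSO and assume-role sources are not modelled, and an explicit profile argument is modelled as skipping the environment variables (an assumption about CLI behaviour, not documented on this page; verify with `aws configure list`). The sample keys are constructed and not real.

```shell
#!/usr/bin/env bash
# Added example: offline model of AWS CLI credential precedence for static keys.
# Order modelled: explicit profile (files only) > env vars > ~/.aws/credentials
#                 > ~/.aws/config. Instance profiles etc. are not modelled.

# Print the value of $key in section $section of INI-style $file; print nothing
# if the file, section or key is missing.
ini_get() {
    local section="$1" key="$2" file="$3"
    [ -r "$file" ] || return 0
    awk -v section="[$section]" -v key="$key" '
        $0 == section   { insec = 1; next }      # entered the wanted section
        /^[ \t]*\[/     { insec = 0 }            # any other header ends it
        insec && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); print; exit
        }
    ' "$file"
}

# Usage: resolve_credential_source [PROFILE]
# Prints "<source> <access key id>" or "none".
# CRED_FILE / CONFIG_FILE are hypothetical overrides (assumption for this
# example) so the real ~/.aws files are not needed.
resolve_credential_source() {
    local profile="${1:-}"
    local cred_file="${CRED_FILE:-$HOME/.aws/credentials}"
    local config_file="${CONFIG_FILE:-$HOME/.aws/config}"
    local id section

    if [ -z "$profile" ]; then
        # No explicit profile: environment variables win over the files.
        if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
            echo "env $AWS_ACCESS_KEY_ID"
            return 0
        fi
        profile=default
    fi

    # ~/.aws/credentials uses plain "[NAME]" headers for every profile.
    id=$(ini_get "$profile" aws_access_key_id "$cred_file")
    if [ -n "$id" ]; then
        echo "shared-credentials-file $id"
        return 0
    fi

    # ~/.aws/config uses "[default]" but "[profile NAME]" for named profiles.
    section="$profile"
    if [ "$profile" != default ]; then
        section="profile $profile"
    fi
    id=$(ini_get "$section" aws_access_key_id "$config_file")
    if [ -n "$id" ]; then
        echo "config-file $id"
        return 0
    fi

    echo none
}

# Demo on constructed files (keys are fake), run in a subshell so nothing leaks.
demo() (
    tmp=$(mktemp -d)
    printf '[default]\naws_access_key_id = AKIADEMOCREDSFILE\naws_secret_access_key = x\n' > "$tmp/credentials"
    printf '[default]\nregion = eu-west-1\n\n[profile staging]\naws_access_key_id = AKIADEMOCONFIGFILE\naws_secret_access_key = y\n' > "$tmp/config"
    export CRED_FILE="$tmp/credentials" CONFIG_FILE="$tmp/config"
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    echo "default, no env:        $(resolve_credential_source)"
    echo "--profile staging:      $(resolve_credential_source staging)"
    export AWS_ACCESS_KEY_ID=AKIADEMOENV AWS_SECRET_ACCESS_KEY=z
    echo "default, env vars set:  $(resolve_credential_source)"
    echo "--profile nosuch:       $(resolve_credential_source nosuch)"
    rm -rf "$tmp"
)
demo
```

If the model says the env vars win while you believed the keys in ~/.aws/credentials were in use, you have found the problem the answer describes; `aws sts get-caller-identity` then confirms which IAM principal those leftover keys belong to.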


In my case this was caused by not having the correct policy attached to the IAM user I was authenticating with.

Attach the AmazonEC2FullAccess policy to the user in the IAM Management Console and the command should work.

AlecRust answered Nov 10 '22 14:11