Menu
What is the aws-cli command to verify my login credentials are correct?
What is the whoami equivalent for the aws-cli?
I'm learning AWS technologies including serverless and using different accounts when working with different teams. I sometimes get errors that are due to using the wrong credentials or not having the permission to do something.
When I run into an error, the first thing I want to do is make sure I'm using the correct credentials, so I want a whoami command. So:
I want to know that my AWS credentials are valid,
What my AWS IAM login is. The equivalent of whoami in Windows or
Unix. Obviously, if it just gives me who I am I know I'm valid!
What the rights are for the IAM user I'm logged in as. The IAM roles or permissions this IAM user has. See also Roles terms and concepts
So I've searched and found:
Verifying AWS Command Line Interface credentials are configured correctly - which again is similar. It has a link to named profiles which helps by giving me a command that should work aws ec2 describe-instances which works, and fills #1 from above list.
More searches give
Leads me to: Why am I receiving the error message "You are not authorized to perform this operation" when I try to launch an EC2 instance? - which I think could help me and answer this question but when I try the command:
aws --version
aws-cli/2.1.29 Python/3.8.8 Windows/10 exe/AMD64 prompt/off
aws sts decode-authorization-message --encoded-message encoded-message
An error occurred (InvalidAuthorizationMessageException) when calling the DecodeAuthorizationMessage operation: Message is not valid
Another link: Why can't I run AWS CLI commands on my EC2 instance?
which leads me back to a previous link...
I'm guessing that this is a simple request and has a simple answer. Please share it. Thanks.
824
To validate a user's credentials with the AWS CLI, run the sts get-caller-identity command. The command returns details about the user's credentials if they are valid, otherwise it throws an error. Let's run the get-caller-identity command on the default profile:
These credentials are then stored (in ~/.aws/cli/cache ). Subsequent AWS CLI commands use the cached temporary credentials until they expire, and at that point the AWS CLI automatically refreshes the credentials. There are several ways to view and set your configuration settings in the files.
Use this procedure in the user portal when you need temporary security credentials for short-term access to resources in an AWS account using the AWS CLI. The user portal makes it easy for you to quickly select an AWS account and get the temporary credentials for a given IAM role.
All the generic AWS CLI Commands you… | by Dasika Madhu | AWS in Plain English What is AWS CLI? “The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell.”
Use STS GetCallerIdentity:
Returns details about the IAM user or role whose credentials are used to call the operation.
Run this with awscli, as follows:
aws sts get-caller-identity
Example output:
{
"UserId": "AIDAAA12345ABCDEFABCD",
"Account": "123456789012",
"Arn": "arn:aws:iam::123456789012:user/james"
}
You can use get-user:
$ aws iam get-user
{
"User": {
"Path": "/",
"UserName": "myuname",
"UserId": "...",
"Arn": "arn:aws:iam::000000000000:user/myuname",
"CreateDate": "1970-01-01T00:00:00Z",
"PasswordLastUsed": "1970-01-01T00:00:00Z"
}
}
and list-account-aliases:
$ aws iam list-account-aliases
{
"AccountAliases": [
"myalias"
]
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
