Why the command aws iam list-users not working? - amazon-web-services

aws iam list-users command not working
I have setup AWS CLI in Windows. The path has been added under the system environment variable.
When I try the commands aws --version and aws configure, it is successful. But to see the list of users the command aws iam list-users is throwing this error:
'more' is not recognized as an internal or external command, operable program or batch file.
I am stuck. Could anyone help please?

It sounds like the AWS CLI is trying to use an output paginator that is not in the path.
Put simply, AWS CLI sends its output via a utility that lets you 'page' through the results. In your case, it is trying to use the more command.
You can tell the AWS CLI not to use a paginator by putting this in the .aws/config file:
[default]
cli_pager=
For more details, see: Using AWS CLI pagination options - Client-side pager - AWS Command Line Interface

Related

Connection to sts.amazonaws.com timed out when calling Python boto3 API from EC2 instance

I am trying to setup some build and deployment servers based on EC2 instances to deploy software to AWS via CloudFormation.
The current setup uses the AWS CLI to deploy CloudFormation templates, and authentication is handled using a credentials profile where the ~/.aws/config file has a profile with:
[profile x]
role_arn = x
credential_source = Ec2InstanceMetadata
region = x
The setup using the AWS CLI appears to be working fine, and can deploy CloudFormation templates, upload files to S3 etc.
I wanted to automate this further and use a configuration-based approach to allow for more flexibility in our deployments. To achieve this, I have written some Python code to parse a config file and use the Boto3 library (which the AWS CLI also uses) to replicate the functionality. However when I am trying to do similar things in Boto3 (like deploy CloudFormation and upload files to S3), I get the following error: Connection to sts.amazonaws.com timed out. Unfortunately I can't provide the full stack trace since it's on a separate network. I am running Python 3.7 and boto3-1.21-13, botocore-1.24.13.
I assume it might be because I need to setup a VPC endpoint for STS? However, I can't work out why and how the AWS CLI works fine, but Boto3 doesn't. Especially since AWS CLI uses Boto3 under the hood.
In addition, I have confirmed that I can retrieve instance metadata using curl from the EC2 instances.
To reproduce the error, this command fails for me:
python -c "import boto3;print(boto3.Session(profile_name='x').client('s3').list_objects('bucket')"
However this AWS cli command works:
aws --profile x s3 ls bucket
I guess I don't understand why the AWS CLI command works, when the boto3 command fails. Why does boto3 needs to call the sts.amazonaws.com endpoint, when the AWS CLI seemingly doesn't? What am I missing?
The aws cli and boto3 both use botocore, which is only a minor detail. Nevertheless, both the cli and boto3, when run in the same environment with the same access to the credentials, should indeed be able to reach the same endpoint.
This:
aws sts get-caller-identity --profile x
and:
python -c "import boto3;print(boto3.Session(profile_name='x').client('sts').get_caller_identity())"
are equivalent and should make the same api calls to the same endpoint.
As an aside, I find it is often best not to have your code concerned with session handling at all. It seems most simple to me for the code to expect the environment to handle that. So just export AWS_PROFILE and run the code. This prevents other user of the script from having to have the same profile and name it the same.
Yeah so it turns out I just needed to set/export AWS_STS_REGIONAL_ENDPOINTS='regional'.
After many hours of trawling the botocore and awscli source and logs, I found out that botocore sets it by default to 'legacy'.
Where as in v2 of the AWS CLI, they set it to 'regional'.

AWS: Hot to configure AWS credentials for multiple accounts in Mac OS terminal

I found way to configure AWS credentials by
aws configure
command. But this is not very comfortable for me since I'm using multiple AWS accounts. Is there any way to make it easy to configure AWS credentials and switch between them?
Yes. You can configure multiple profiles.
The easiest way is to use:
aws configure --profile <name>
You can then use it with:
aws s3 ls --profile <name>
If --profile is not specified, it will use the default profile.
All configuration information is stored in the ~/.aws/credentials and ~/.aws/config files.
See: Named profiles - AWS Command Line Interface

AWS CLI Mac show output only without opening a "vim"

Maybe it is for me but AWS cli on Mac it not outputting, it is like creating a new vim window when I have something like this. I am wondering is there a way to just show the output?
aws --cli-connect-timeout 6000 --endpoint-url=http://localhost:4566 sqs create-queue --queue-name test_queue
Cli version:
> aws --version
aws-cli/2.1.1 Python/3.9.0 Darwin/19.6.0 source/x86_64
It is possible that you are seeing the output of a pager.
There are a few ways to change this. I add the following to my ~/.aws/config file:
[default]
cli_pager=
For details, see: Using AWS CLI pagination options - AWS Command Line Interface

Aws --version command works in jmeter, however other aws commands which needs --profile throws error in jmeter

I am trying to access aws cloudwatch metrics through jmeter for further processing. In order to do this, i am using OS sampler in JMeter,which has command as aws and parameter as my --version. So when i execute this, i get a result regarding my aws cli.
However when i am trying to use aws cloudwatch --profile test get-metrics etc, i am getting error in listerner that invalid parameters/commands,though similar commands works with command prompt.
Can some one help me with this?
enter image description here
My issue is JMeter recognizes aws,however its not able execute any other commabd other than aws --version
I believe you need to call cmd or bash interpreter depending on your operating system, like:
More information: How to Run External Commands and Programs Locally and Remotely from JMeter
The reason that error was being thrown is having all AWS cli params/properties sent on the same line of Command Parameters in OS Process Sampler.
AWS CLI v2 commands from JMeter on Windows (I use 10) need to be split on multi-line.
Below is my setup.
the original command is:
$ aws dynamodb list-tables
Result:

Aws configure is not saving configuration data in credentials and config files on windows 10

I am trying to configure AWS CONFIGURE via AWS CLI on my laptop having Windows 10 professional. This is not the first time I am configuring AWS CONFIGURE. I already have many profiles settings.
I have enough free system memory and storage and have sufficient rights to run aws configure. I am using Python 3.6
Here is the detail, how I am trying to setup AWS CONFIGURE.
When I run this command again, it asks all the values again.
Even if I run an AWS CLI command using this new profile; to create a lambda function ( aws lambda create-function xxxxxxxxx --profile lambdaprofile ).
It gives below error.
The config profile (lambdaprofile) could not be found.
Please help me.
Some times this issue happens and AWS CLI is unable to set new profile and settings in config file.
Here is a fix of this issue.
Run below command from windows console.
notepad %USERPROFILE%\.aws\credentials
You will see last line of credentials file with overlapping line.
e.g in your particular case, it would be showing like below.
region = us-east-1[lambdaprofile]
aws_access_key_id = AKIAIGCOZJBAKIAIGCOZJB
aws_secret_access_key = gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
region = use-east-1
Similar issue would be in config file, which can be checked by opening this file.
notepad %USERPROFILE%\.aws\config
To fix this issue set [lambdaprofile] to new line, preferably add another empty line before [lambdaprofile]. It should look like below.
region = us-east-1
[lambdaprofile]
aws_access_key_id = AKIAIGCOZJBAKIAIGCOZJB
aws_secret_access_key = gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
region = use-east-1
Also do the same fix in config file. After fixing it, if you will run aws configure --profile lambdaprofile it should show the previously saved values in credentials and config files.
You may also check if values are saved or not with below command.
aws configure list --profile lambdaprofile
Alternately to the fix detail mentioned above, you can also set new profile directly with AWS CONFIGURE SET
e.g in your particular case.
aws configure --profile lambdaprofile set aws_access_key_id AKIAIGCOZJBAKIAIGCOZJB
aws configure --profile lambdaprofile set aws_secret_access_key gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
aws configure --profile lambdaprofile set region use-east-1
or
aws configure set profile.lambdaprofile.aws_access_key_id AKIAIGCOZJBAKIAIGCOZJB
aws configure set profile.lambdaprofile.aws_secret_access_key gHZWwhUxRLtwQRUknGgHZWwhUxRLtwQRUknG
aws configure set profile.lambdaprofile.region use-east-1