Assume I am on a Mac and I have a ~/.aws/config file:
[profile cicd]
region = us-west-2
output = json
[profile prod]
region = us-west-2
output = json
And also a ~/.aws/credentials file:
[cicd]
aws_access_key_id = 12345
aws_secret_access_key = 12345
[prod]
aws_access_key_id = 12345
aws_secret_access_key = 12345
If I run:
aws configure list
I get:
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region <not set> None None
What have I done wrong?
Also, the company I work for has multiple AWS accounts. The cicd profile runs in one AWS account, and the prod runs in a different AWS account. Am I supposed to record that fact in the AWS config files?
aws configure list just lists the current AWS credentials that you are using. It doesn't list all the available credentials you have configured on your system. The name of the command is really misleading.
It is currently showing that you have no credentials configured, because you haven't done anything to specify that you want to use one of those profiles in your config/credential files.
If you did something to select a profile, like:
export AWS_PROFILE=cicd
Then you would see some details about that particular profile when you run aws configure list.
We have an AWS EC2 instance, where someone has removed the USER CREDENTIALS.
So when we run the .aws/credentials we get an aws_access_key_id & aws_secret_access_key which don't exist anymore.
ubuntu#prod-ip-000:~$ cat .aws/credentials
[default]
aws_access_key_id = AKIASIY3TRVDD7QZXXXX
aws_secret_access_key = f7rA1eebxzdd61yP4vPTNql09FxgZZam/V5HxxXx
Now I have created another user and added their aws_access_key_id & aws_secret_access_key on the server by
export AWS_ACCESS_KEY_ID=AKIASIY3TRVDCDXXXXXX
export AWS_SECRET_ACCESS_KEY=cgGjUlh5FDPLpUVBBK5Rl8jlWKV6Iv4NrXXXXXX
After that, when I run cat .aws/credentials again, it still shows me the previous user's credentials.
ubuntu#prod-ip-000:~$ cat .aws/credentials
[default]
aws_access_key_id = AKIASIY3TRVDD7QZXXXX
aws_secret_access_key = f7rA1eebxzdd61yP4vPTNql09FxgZZam/V5HxxXx
Does anyone know how I can change the credentials of the old one to the new user's credentials?
Go to the .aws/credentials file, use vim or nano to edit it, and replace the older credentials with your new credentials; it will work.
Currently working on deploying a yml file to CloudFormation and I have created this profile called awsbootstrap, but when my script runs I get an error. My script:
#!/bin/bash
STACK_NAME=awsbootstrap
REGION=us-east-2c
CLI_PROFILE=awsbootstrap
EC2_INSTANCE_TYPE=t2.micro
# Deploy the CloudFormation template
echo $CLI_PROFILE
echo -e "\n\n=========== Deploying main.yml ==========="
aws cloudformation deploy --region $REGION --profile $CLI_PROFILE --stack-name $STACK_NAME --template-file main.yml --no-fail-on-empty-changeset --capabilities CAPABILITY_NAMED_IAM --parameter-overrides EC2InstanceType=$EC2_INSTANCE_TYPE
# If the deploy succeeded, show the DNS name of the created instance
if [ $? -eq 0 ]; then
    aws cloudformation list-exports --profile awsbootstrap --query "Exports[?Name=='InstanceEndpoint'].Value"
fi
where $CLI_PROFILE=awsbootstrap
I get The config profile (awsbootstrap) could not be found
Running aws configure list-profile shows me my profile -> awsbootstrap
Running aws configure list shows
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region <not set> None None
My ~/.aws/config looks like this (have also tried with us-east-1 / us-east-2):
[profile awsbootstrap]
region = us-east-2c
output = json
My ~/.aws/credentials looks like this:
[awsbootstrap]
aws_access_key_id = redacted
aws_secret_access_key = redacted
I have no env variables that are creating issues...
For AWS CLI configuration and credentials files how do you connect the entries in these files? It is like my credentials work, but my config file does not, though the default profile works.
I am presently getting an error: You must specify a region. You can also configure your region by running "aws configure" when running something like:
aws ec2 describe-instances --profile devenv
However if I run the command:
aws s3api list-buckets --profile devenv
then I get a sensible response, a list of buckets.
Here are the credentials and config files:
~/.aws/credentials
[default]
aws_access_key_id = AAAAAAAAAA
aws_secret_access_key = BBBBBBBBBB
[devenv]
aws_access_key_id = CCCCCCCCCC
aws_secret_access_key = DDDDDDDDDD
[testenv]
aws_access_key_id = EEEEEEEEEE
aws_secret_access_key = FFFFFFFFFF
~/.aws/config
[default]
region = us-east-1
output = json
[devenv]
region = us-west-2
output = json
[testenv]
region = us-east-2
output = json
The problem here is the attention paid to constructing the ~/.aws/config file.
The "default" entry does not need to be prefaced by the word "profile". The non-default entries need a "profile" prefix. Because the default doesn't require the word "profile," while it works, manually constructed, or built using the aws configure command, it is not a model for the format the other entries require.
~/.aws/config
[default]
region = us-east-1
output = json
[profile devenv]
region = us-west-2
output = json
[profile testenv]
region = us-east-2
output = json
This is content of my "config" file:
[default]
region = us-west-1
output = json
[profile reader]
region = region=us-west-1
output = json
[profile writer]
region = region=us-west-1
output = json
This is content of my "credentials" file
[default]
aws_access_key_id = .....................J6O
aws_secret_access_key = .................PNM/a
[reader]
aws_access_key_id = .....................PPF
aws_secret_access_key = .................iPQ46
[writer]
aws_access_key_id = .....................J6O
aws_secret_access_key = .................PNM/a
This is command I use in AWS CLI:
C:\Users\Evgeni\.aws>aws s3 mb s3://rofl.easy-breezy.kek --profile=writer
When I try to run it, I have this error:
Invalid endpoint: https://s3.region=us-west-1.amazonaws.com
But if I run it with specified --region parameter - it works fine:
C:\Users\Evgeni\.aws>aws s3 mb s3://yewfy.topkek.azaza44666 --profile=writer --region=us-west-1
make_bucket: yewfy.topkek.azaza44666
What am I doing wrong?
Your config file says
region = region=us-west-1
in two places. Remove the extra region= from those lines.
You have a typo in the config:
region = region=us-west-1
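The two fixes given in the answers above (the "profile" prefix on non-default sections of ~/.aws/config, and the stray "region=" inside a region value) can be checked mechanically. The following is an added example, not code from the original posts; the function name lint_aws_files, the region pattern and the sample file contents are assumptions constructed for illustration.

```python
import configparser
import re

# Region names look like us-west-2 or ap-southeast-1. Values such as
# "region=us-west-1" or an availability-zone name like us-east-2c do not match.
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d+")

# Constructed sample files that repeat the mistakes discussed in the answers.
SAMPLE_CONFIG = """\
[default]
region = us-east-1
[devenv]
region = us-west-2
[profile writer]
region = region=us-west-1
"""
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = EXAMPLE_KEY_ID
[devenv]
aws_access_key_id = EXAMPLE_KEY_ID
[writer]
aws_access_key_id = EXAMPLE_KEY_ID
"""

def _parse(text):
    parser = configparser.RawConfigParser()  # no % interpolation of values
    parser.read_string(text)
    return parser

def lint_aws_files(config_text, credentials_text):
    """Return findings for the contents of ~/.aws/config and ~/.aws/credentials."""
    findings, usable = [], set()
    config, creds = _parse(config_text), _parse(credentials_text)
    for section in config.sections():
        if section != "default" and not section.startswith("profile "):
            findings.append(f"config: [{section}] should be [profile {section}]")
            continue
        name = "default" if section == "default" else section[len("profile "):].strip()
        usable.add(name)
        region = config.get(section, "region", fallback=None)
        if region is not None and not REGION_RE.fullmatch(region):
            findings.append(f"config: profile {name} has invalid region {region!r}")
    for section in creds.sections():
        if section.startswith("profile "):
            findings.append(f"credentials: [{section}] must not use the profile prefix")
        elif section not in usable:
            findings.append(f"credentials: [{section}] has no usable config profile (no region)")
    return findings
```

Pass it the text of the two files; an empty list means every credentials entry has a correctly named config section with a well-formed region.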
I wish to run a terraform plan to verify a terraform plan file uploaded by a user and detect the resources.
However, running terraform plan as of now requires AWS credentials.
Is there a way to run plan without using the credentials or extract the list of resources in another way from the .tf file?
Found a solution here,
https://github.com/terraform-providers/terraform-provider-aws/issues/5584#issuecomment-433203543
Along with the skip_credentials_validation flag, a mock secret_key is also required.
provider "aws" {
  region                      = "${var.region}"
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_metadata_api_check     = true
  s3_force_path_style         = true
  access_key                  = "mock_access_key"
  secret_key                  = "mock_secret_key"
}