aws --profile xx cognito-idp list-users --user-pool-id xxx --filter cognito:user_status="CONFIRMED"
An error occurred (InvalidParameterException) when calling the ListUsers operation: Error while parsing filter. Let me know what is wrong in that code.
Related
The UI path works for me. So let me walk you through this first.
log in with SSO URL
Choose the account from SSO and AWS Console opens
Assume another role
Open s3 and it works
Now I tried to do the same thing with CLI
log in with SSO
Copy access_key, secret_key, session_token from SSO page
Run export for access_key, secret_key, session_token in CLI
Run aws s3 ls to test but didn't work (no problem)
Run aws sts assume-role but didn't work
$ aws sts assume-role --role-arn "arn:aws:iam::123456789:role/SomeRole" --role-session-name AWSCLI-Session --region ap-southeast-2
=> An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::123456789:assumed-role/AWSReservedSSO_some_role_assume_all_123abc/myid#some.domain is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::123456789:role/SomeRole
I have found the answer. For the second part in my question, step 1 and 2 are wrong.
First you need to run
aws configure sso
This will run some magic and set up a profile under ~/.aws/config
Then you need to run aws sts assume-role with the flag --profile and the value is the newly created profile.
Then it will work.
I am running into this error when trying to setup ECR authorization token with docker login.
Can you please advice
echo $(aws ecr get-login-password --region us-east-1 --profile test)|docker login --password-stdin --username AWS 123456789.dkr.ecr.us-east-1.amazonaws.com
Error saving credentials: error storing credentials - err: exit status 1, out: not implemented
The command you are using works with AWS CLI v2. The not implemented message may mean you don't have the latest version OR you are using AWS CLI v1? For AWS CLI v1 there is another (similar) command which calls get-login. See here.
I have been trying to enable default server-side encryption for s3 bucket. However, the command fails with the following error:
[root#dcm-development s3]# aws --profile S3-es-xx-xx-xx-test --endpoint-url https://es-xx-xx-z2.eecloud.xx.net s3api put-bucket-encryption --bucket bucketname --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
An error occurred (InvalidArgument) when calling the PutBucketEncryption operation: Unknown
awscli / Python version:
root#e3a8f6bbbdbc:/app# aws --version
aws-cli/1.18.117 Python/3.6.5 Linux/3.10.0-1062.9.1.el7.x86_64 botocore/1.17.40
I would really appreciate if someone can point out the mistake here. Other operations are working fine such as: put-bucket-policy, delete-bucket-policy, etc.
Is there a way to change the Account status on a user by CLI command?
I know I can resend an email verification with:
aws cognito-idp resend-confirmation-code --client-id 54675464564564 --username XXXX#gmail.com
Is there are any similar command for what I need?
Ok, it was with:
aws cognito-idp admin-update-user-attributes --user-pool-id us-east-2_XXXX --username XXXXXXX#NNNN.com --user-attributes Name="email_verified",Value="false"
I have a user in AWS having Full admin access but still when I try to describe my EC2 instances or List S3 buckets, I get an Access denied error message - examples below. Any help will be greatly appreciated.
aws s3 ls
An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
aws ec2 describe-instances --region eu-west-2
An error occurred (UnauthorizedOperation) when calling the DescribeInstances operation: You are not authorized to perform this operation.
From the command prompt or Linux shell type "aws configure". Verify that the credentials and default region are correct (the last four characters will be displayed). I had the same problem today and I forgot to configure my access keys on a new machine.