I installed EB CLI following these instructions.
To use it, I configured AWS CLI for SSO following these instructions.
This creates a config file in ~/.aws/config with these contents:
[profile <profile_name>]
sso_session = <session_name>
sso_account_id = <account_no>
sso_role_name = <role_name>
region = <region>
output = json
[sso-session <session_name>]
sso_start_url = <start_url>
sso_region = <region>
sso_registration_scopes = <scopes>
All the values seem to be correct.
Once configured, I can login using SSO using:
aws sso login --profile <profile_name>
This redirects me to the SSO <start_url> and I get the confirmation for login:
Successfully logged into Start URL: <start_url>
EB CLI is supposed to be able to login using the authentication methods set with AWS CLI. I am trying to do so with:
eb init --profile <profile_name>
However, after selecting the region, I get this error:
ERROR: InvalidConfigError - The profile "<profile_name>" is configured to use SSO but is missing required configuration: sso_start_url, sso_region
I am not sure what I am missing as the ~/.aws/config file seems to be properly set with the sso_start_url and sso_region I specified in the AWS CLI configuration.
Is there any other intermediate step to get EB CLI working with SSO?
When I try to use the AWS CLI to run commands for the new AWS CodeCatalyst service, the command hangs for a bit and I keep getting the same error: Unable to locate authorization token
I verified that my AWS profile/credentials are pointing to the AWS account that I linked when I signed up for CodeCatalyst.
% aws --profile dev-admin s3 ls
2020-06-03 06:44:13 bucket1
2022-10-31 16:45:08 bucket2
% aws --profile dev-admin codecatalyst list-access-tokens
Unable to locate authorization token
What am I doing wrong?
You can't use your normal AWS credentials when running AWS CLI commands for codecatalyst because CodeCatalyst uses our AWS Builder ID as your user to authenticate and you need a special profile for that.
To get this working, add the following to your ~/.aws/config file to create a profile (calling it codecatalyst in this example):
[profile codecatalyst]
region = us-west-2
sso_session = codecatalyst
[sso-session codecatalyst]
sso_region = us-east-1
sso_start_url = https://view.awsapps.com/start
sso_registration_scopes = codecatalyst:read_write
Then you can run the login command to login and get your credentials setup in the CLI. It will redirect you to a browser window where you need to login with your AWS Builder ID that you used to sign up with CodeCatalyst.
% aws sso login --profile codecatalyst
After this, you can successfully run CodeCatalyst CLI commands using your new profile:
% aws codecatalyst list-access-tokens --profile codecatalyst
{
"items": [
...
]
}
Reference:
Code Catalyst CLI Setup Guide
I have created a batch script using the aws cmdline in windows however it doesn't seems to be running from my machine. IT does run from one of the server in our infra. IF i just run the aws s3api command from my machine it runs fine.
aws configure set AWS_ACCESS_KEY_ID <Access_key>
aws configure set AWS_SECRET_ACCESS_KEY <secret_key>
aws configure set default.region us-east-1
set /p key="Enter key:"
aws s3api put-object --bucket <bucket_name> --key %key%
If you are on your local machine you can go to ~/.aws/credentials in your terminal and see there are your configured profiles. Typically you have a profile that is name [default] in which by default all of your aws calls etc will get ran with those keys and their respective permissions.
If your aws configure is not being set properly then your aws commands will try and execute under that [default] profile.
I'm trying to set up Amazon AWS EC2 instance to talk to s3. The basic command is
aws configure
then follow the prompt to enter
AWS Access Key ID [None]: my-20-digit-id
AWS Secret Access Key [None]: my-40-digit-secret-key
Default region name [None]: us-east-1
Default output format [None]: text
However, what I really want is to have the command
aws configure
automatically without interaction, i.e., no prompt and wait for input
I know there are files at
~.aws/credentials
~.aws/config
where I put those 4 key=value pairs. And the "credentials" file looks like
[default]
aws_secret_access_key = my-40-digit-secret-key
aws_access_key_id = my-20-digit-id
while the "config" file looks like
[default]
region = us-east-1
output = text
However, with those file at ~/.aws/, I get into ~/.aws/, and at the command line, I type and enter command
aws configure
I still got the prompt to ask me
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
If I don't enter valid values at prompt, I won't be able to connect to s3, for example via command
aws s3 ls s3://mybucket
I turned help to amazon aws documentation pages. At this page, it mentions this option
"Command line options – region, output format and profile can be specified as command options to override default settings."
as the first option for aws configure
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
However, it didn't mention how to use the command line options. I tried something like this
aws configure --region us-east-1
but I still got
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
exactly like I have no option of "--region us-east-1"
If I try to
aws configure --aws_access_key_id my-20-digit-id --aws_secret_access_key my-40-digit-secret-key --region us-east-1
I get this
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument subcommand: Invalid choice, valid choices are:
How I can run the command
aws configure
automatically, no prompt, no interaction.
Please help! TIA
Edit and response to helloV, as the format in main post is much clearer than comment.
I tried the command helloV mentioned, but I got error
aws configure set aws_access_key_id my-20-digit-id
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument subcommand: Invalid choice, valid choices are:
Thanks though.
Continue on "aws configure set"
On another EC2 instance where I've already set connection to s3, I enter
aws configure set region us-east-1
runs and returns to command prompt ">"
aws configure set aws_access_key_id my-20-digit-id
runs and returns to command prompt ">"
aws configure set aws_secret_access_key my-40-digit-secret-key
runs and returns to command prompt ">"
aws configure
runs but comes with prompts and waits for interaction
AWS Access Key ID [****************ABCD]:
AWS Secret Access Key [****************1234]:
Default region name [us-east-1]:
Default output format [text]:
helloV:
here is my screen looks like
ubuntu#ip-11111:~/.aws$ more config
[default]
region = us-east-1
output = text
ubuntu#ip-11111:~/.aws$ more credentials
[default]
aws_secret_access_key = my-40-digit-secret-key
aws_access_key_id = my-20-digit-id
ubuntu#ip-11111:~/.aws$ aws s3 ls s3://
I got this
Unable to locate credentials. You can configure credentials by running "aws configure".
After this, I run
aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key <not set> None None
secret_key <not set> None None
region us-east-1 config_file ~/.aws/config
Looks like it does not check ~/.aws/credentials file, but ~/.aws/config file is in the list.
These commands worked for me. If this doesn't works for you. Try do the first time using the interaction mode aws configure
aws --profile default configure set aws_access_key_id "my-20-digit-id"
aws --profile default configure set aws_secret_access_key "my-40-digit-secret-key"
I figured out, finally. Use export such as
export AWS_ACCESS_KEY_ID=my-20-digit-id
export AWS_SECRET_ACCESS_KEY=my-40-digit-secret-key
export AWS_DEFAULT_REGION=us-east-1
then run
aws s3 ls s3://
would work. Don't run "aws configure" as others mentioned.
Thank you all.
You describe the file very well. Why not just create a file and put it in the right place? I just tried... it's exactly the same as running aws configure
UPDATE: You mention that you want to access S3 from EC2 instance. In this case you shouldn't be using credentials at all. You should user Roles instead
The solution is that you actually don't have to run aws configure! After you run it for the 1st time and established the credentials (~/.aws/credentials) and config (~/.aws/config), going forward you simply have to run the required aws command. I tested this with a cron job and did a "aws s3 ls" command and it worked without having to provide a configure command before it.
Follow this command
$aws configure set aws_access_key_id default_access_key
$ aws configure set aws_secret_access_key default_secret_key
$ aws configure set default.region us-west-2
or
aws configure set aws_access_key_id <key_id> && aws configure set aws_secret_access_key <key> && aws configure set default.region us-east-1
For more details use this link
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/configure/set.html
I use something like this:
aws configure --profile my-profile-name <<-EOF > /dev/null 2>&1
${AWS_ACCESS_KEY_ID}
${AWS_SECRET_ACCESS_KEY}
${AWS_REGION}
text
EOF
also to cleanup after automated process, and not remove `~/.aws/ directory (since some other credentials might be stored there) I run:
aws configure --profile my-profile-name <<-EOF > /dev/null 2>&1
null
null
null
text
EOF
Calling the following AWS CLI SDK command triggers the shell prompting for a series of values:
$ aws configure --profile profilename
$ AWS Access Key ID [None]:
etc....
Is there any way to specify the parameters in line? E.g.
$ aws configure --profile profilename --access-key=foo --access-secret=goo --region=bar
Thanx in adv,
Michael McD
Sort of. You can't do them all at once (aws configure help will show you there are no such options), but can do them one at a time.
From aws configure set help:
Given an empty config file, the following commands:
$ aws configure set aws_access_key_id default_access_key
$ aws configure set aws_secret_access_key default_secret_key
$ aws configure set default.region us-west-2
$ aws configure set default.ca_bundle /path/to/ca-bundle.pem
$ aws configure set region us-west-1 --profile testing
$ aws configure set profile.testing2.region eu-west-1
$ aws configure set preview.cloudsearch true
will produce the following config file:
[default]
region = us-west-2
ca_bundle = /path/to/ca-bundle.pem
[profile testing]
region = us-west-1
[profile testing2]
region = eu-west-1
[preview]
cloudsearch = true
and the following ~/.aws/credentials file:
[default]
aws_access_key_id = default_access_key
aws_secret_access_key = default_secret_key
Note that you could also set the credentials temporarily as environment variables when running other aws commands. If that's interesting to you, see the documentation. You can't just set them and run aws configure --profile profilename though -- this will still prompt you.