I've been trying to add my aws account to ask-cli so that i can directly deploy my lambda function.
whenever i try to clone or deploy it says,
No AWS credential setup for profile: [default].
Lambda clone skipped. CLI lambda functionalities can be enabled
by running `ask init` again to add 'aws_profile' to ASK cli_config
even after following 'ask init' it has no effect.
I've added amazon developer account to ask-cli but unable to link with aws.
any help would be appreciated.
thanks in advance.
if you have installed aws-cli then plz run aws-configure and provide your id and secret key.
$ aws configure --profile user2
AWS Access Key ID [None]: AKIAI44QH8DHBEXAMPLE
AWS Secret Access Key [None]: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: text
otherwise create folder in home named .aws and add credential file in it.
In that you can specify following format
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Well, this question has been already answered. But I want to add something.
If somehow, you did not setup the AWS credentials while setting up ASK profile, you can run below command to setup AWS credentials and link to an ASK profile.
ask init --aws-setup
Then, you will be prompted to enter your profile name, your access key, and your secret access key. Profile name will be default if you have not created multiple ASK profiles. After providing the credentials, you will not get the error mentioned in the question.
Related
I entered incorrect credentials on the secret access key and region name of the AWS CLI configure command on command prompt. I never found a way to change the secret access key.
I entered:
AWS Access Key
AWS Secret Access Key
Default region name
Default output format [None]:
I want to delete the aws configure of AWS CLI by using command prompt.
You can simply run aws configure again and it will replace the existing values.
The information is stored in ~/.aws/credentials, so you also have the option to manually edit that file, or even delete the file.
I am wanting to set up a recursive sync from a Linux machine (Fedora) to an AWS S3 bucket. I am logged into Linux as root and have an AWS Key and Secret associated with a specific AWS user "Lisa".
I have installed aws-cli, s3cmd, and attempted to configure both. I have verified the aws/configure and aws/credentials files both have a default user and a "Lisa" user with Access Key and Secret pairs. I receive errors stating that Access is Denied, access key and secret pair not found. I have researched this on the web and verified that there are no environment variables that could be overriding the configure & credential files. I have also granted full access permissions to the bucket created through the AWS Console to all logged in users. I have not rotated the keys, as they were first created a week ago, and I was able to log-in & set-up the AWS console using that same key pair.
What else should I be doing before rotating the keys?
It looks like you haven't configured AWS credentials correctly. Make sure that you have correct access keys in your credentials file. If you don't specify any profiles, awscli uses the default profile.
~/.aws/credentials
[default]
aws_access_key_id=AKIAIDEFAULTKEY
aws_secret_access_key=Mo9T7WNO….
[Lisa]
aws_access_key_id=AKIAILISASKEY
aws_secret_access_key=H0XevhnC….
This command uses the default profile:
aws s3 ls
This command uses Lisa profile:
aws s3 ls --profile Lisa
You can set an environment variable to override the default profile.
export AWS_DEFAULT_PROFILE=Lisa
Now this command uses the profile Lisa:
aws s3 ls
If you don't know which profile is active, you can just invoke the following command:
aws sts get-caller-identity
You seem to have several terms intermixed, so it's worth knowing the difference:
Username and password is used to login to the web-based management console. They are short, to be human-readable and easy to remember.
Access Key (starting with AKIA) and Secret Key is used for making API calls. It is also used by the AWS CLI (which makes API calls on your behalf)
Key pair consists of a public and private key, used for authenticating SSH connections. It is a very long block of text.
You mention that an Access Key is not found. This could be because the wrong type of credential is being provided.
I installed aws cli and supplied the aws access key ID and secret access key. Everything worked perfectly!. I then deleted the user as I have no need for it anymore. I have then created a new user (which has different access key ID and secret access key).
The issue:
When I type
aws configure
I get:
AWS Access Key ID [****…]
AWS Secret Access Key [****...]
So the command prompt is using the previous keys.
How do I enter the new keys into the command prompt?
Just ignore the old key and input your new key, It will be overwrited.
Just want to add one more way to do it. This is particularly useful, if you do not want to override your current user but add another one instead.
You can use the profile option to add more credentials:
aws configure --profile <my-new-profile-name> [1]
If you do not use the profile option, you are implicitly configuring the default's profile credentials.
If you want to use a profile afterwards, each aws cli command provides the profile option, e.g.: aws s3 ls --profile <my-new-profile-name> [2]
References
[1] https://docs.aws.amazon.com/cli/latest/reference/configure/
[2] https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-options.html
I have been invited to some project that has a repository stored in AWS CodeCommit. I received Access Key ID, Secret Key, region and repository url... I created an account in AWS (I didn't have one before) and created a new IAM user with AWSCodeCommitFullAccess privilege but I have no idea how to bind this user with a repository I was given. The console available at https://console.aws.amazon.com/codecommit/home points me to documentation or allows to create an empty repository and the access keys panel in IAM allows me only to create new Access Keys but not provide existing ones... How can I get to some existing repository then? Maybe the owner needs to do something as well?
Try ti Follow these steps:
To install and configure the AWS CLI:
On your local machine, download and install the AWS CLI. This is a
prerequisite for interacting with AWS CodeCommit from the command
line. ( install Latest Version Following this Guide )
Run this command to verify the AWS CodeCommit commands for the AWS
CLI are installed:
aws codecommit help
This command should return a list of AWS CodeCommit commands.
Configure the AWS CLI with the configure command, as follows aws configure
When prompted, specify the AWS access key and AWS secret access key of the IAM user you got from.
Also, be sure to specify the region where the repository exists, such as us-east-2. When prompted for the default output format, specify json. For example:
AWS Access Key ID [None]: Type your target AWS access key ID here, and then press Enter
AWS Secret Access Key [None]: Type your target AWS secret access key here, and then press Enter
Default region name [None]: Type a supported region for AWS CodeCommit here, and then press Enter
Default output format [None]: Type json here, and then press Enter`
Next Assuming you have Git Pre-installed on your machine Set Up the Credential Helper :
From the terminal, use Git to run git config, specifying the use of
the Git credential helper with the AWS credential profile, and
enabling the Git credential helper to send the path to repositories:
git config --global credential.helper '!aws codecommit credential-helper $#'
git config --global credential.UseHttpPath true
Now you can connect to your git they way you do normally, refer this AWS Documentation for more details.
It seems you want to contribute to a repository that already have existed in another account. To access the repository data by doing 'git clone', the provided "Access Key ID, Secret Key, region and repository url." should be sufficient. But you have to use the aws cli credential helper by following the instruction here: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-unixes.html. There are other ways as well to access the repository, please take a look at the doc here: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up.html.
If you want to check the code via AWS console, you can access the console by using this url: https://[account_id].signin.aws.amazon.com/console (replace the account_id with the account id where the repository belongs to). And you need to provide the username and console login password of the IAM user that have permission to read the codecommit repository.
We are in a strange stage at the moment. Our DevOps guy left the organization. Now when we disable his keys in IAM. We saw this kinda error in production. "An error occurred (AccessDenied) when calling the PutObject operation: Access Denied when trying to upload an object on your bucket: XXXXX-prd-asset-images/." If i check Devops Guy IAM , i can see last used as S3 service. Guys i can understand its a half information but any help would be appreciated.
Can we look at prod instances if AWS keys stored there?
Can we check any policy?
Can we check bucket information?
That Devops guy had his AWS Keys being used for AWS CLI.
You need to create a generic account in AWS IAM which is not used by any developer and system administrator to avoid this situation in future.
Now do one thing create a generic account which has same IAM policies as that of your Devops guy account. SSH to the server. Go to this file ~/.aws/config there you will find AWS Key and AWS Secret replace that with the new key and secret of the account generated above.
Or you can run following and paste the Key and Access key when prompted and also the proper region for your EC2 instance.
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json