By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Unable to List buckets on AWS CLI using IAM User with S3:FullAccess Permission

0
  1. I have created a user and assigned it S3:FullAccess Permission
  2. Generated the Access & Secret Keys for the same
  3. Using aws cli I first configured it and also double checked using aws configure list the entered access credentials
  4. The profile is not set but the access credentials are set properly
  5. trying to run aws s3 ls it fails stating "An error occurred (InvalidAccessKeyId) when calling the ListBuckets operation: The AWS Access Key Id you provided does not exist in our records."
  6. When I use the Cloud shell of AWS it connects successfully using the same access credentials and displays the result.
  7. After reading some answers I tried using root keys for accessing the same through aws cli by configuring it properly still it shows the same error "An error occurred (InvalidAccessKeyId) when calling the ListBuckets operation: The AWS Access Key Id you provided does not exist in our records."
Topics
StorageSecurity, Identity, & ComplianceManagement & Governance
Tags
Amazon Simple Storage ServiceAWS Identity and Access ManagementAWS Command Line Interface
Language
English
Richard
asked 21 days ago389 views
2 Answers
1

Hello.

Do the access keys set in the "credentials" file match the access keys checked with "aws configure list"?

cat ~/.aws/credentials

By the way, what value is in the "Type" column that you checked in "aws configure list"?
If the value in the "Type" column is "env", the access key may be read from an environment variable.
Therefore, you need to take measures such as deleting the environment variable or setting a new access key in the environment variable.
Access keys set in environment variables are used in preference to the "credentials" file.
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#configure-precedence

profile picture
EXPERT
Riku_Kobayashi
answered 21 days ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 21 days ago
  • Richard
    21 days ago

    yes the credentials used by aws configure are matching the /.aws/credentials files credentials. Moreover the Type mentioned is "shared-credentials-file"

  • Riku_Kobayashi EXPERT
    21 days ago

    What happens if I set it in an environment variable? If the same error occurs even if you set it as an environment variable, there is a possibility that the access key is incorrect in the first place, so please reissue it or check that you have copied the correct one. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

0

Hi,

Your issue comes from the setup of the CLI with uses unknown / invalid access key

See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

You have different ways of setting the IAM credentials on your machine: I personally use the env vars with standard names AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. But, you can use other ways: see doc above.

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 21 days ago
  • Richard
    21 days ago

    So instead of aws configure I should just set system's env variable as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY and save it with the following values ,will it work than? Is this what you were stating above.

  • Richard
    21 days ago

    I went through the above doc and thought of creating access key from the CLI itself for that I would require this permission right? But this is not there in the policies list { "Version": "2012-10-17", "Statement": [ { "Sid": "CreateOwnAccessKeys", "Effect": "Allow", "Action": [ "iam:CreateAccessKey", "iam:GetUser", "iam:ListAccessKeys", "iam:TagUser" ], "Resource": "arn:aws:iam::*:user/${aws:username}" } ] }

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content