awscli question:

Question

I created a user in IAM identity center. Then I opened a terminal, and then use aws sso login to get the login session successfully. But when I ran aws ec2 describe-regions command in the same terminal, I got the error below: 
aws ec2 describe-regions

An error occurred (ForbiddenException) when calling the GetRoleCredentials operation: No access

My IAM identity center user has already been granted  AdministratorAccess permission.

Any idea on the solution to fix this issue?

Thanks,

Answer

It may be linked to the configuration settings in your AWS environment. To ensure the correct setup, use the following command with your AWS CLI, specifying your SSO profile. This will help verify that your SSO profile is correctly configured and has the necessary permissions:

```batch
aws ec2 describe-regions --profile your-profile-name
```
> 💡 I suspect that the SSO configuration isn't properly set up in your terminal.

---

Try to configure your AWS environement:

1.  [Configure the SSO Profile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/configure/sso.html): `aws configure sso --profile your-profile-name`
2.  [Login Using SSO](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sso/login.html): `aws sso login --profile your-profile-name`
3. Try previous command: `aws ec2 describe-regions --profile your-profile-name`

awscli question:

関連するコンテンツ