IAM credentials not found on AWS CLI

问题

I'm trying to automate a db backup upload to s3 on an ubuntu machine. I have the db backup generating correctly, but when I try to upload to s3 I get the following error:

 A client error (InvalidAccessKeyId) occurred when calling the PutObject 
operation: The AWS Access Key Id you provided does not exist in our records.

I used the command line aws configure command to configure my credentials, then opened the ~/.aws/config file and made sure it was correct. I also ran

aws configure list

and received the following:

      Name                    Value             Type    Location
    ----                    -----             ----    --------
   profile                <not set>             None    None
   access_key     ****************B6YQ      config_file    ~/.aws/config
   secret_key     ****************Vstu      config_file    ~/.aws/config
   region               cn-north-1      config_file    ~/.aws/config

When that didn't work I tried regenerating new credentials for both the root user and the IAM user, but that still didn't work. I tried the IAM simulator to see if the S3 put command would work and it did.

Does anyone have any ideas as to what I can do?

回答1:

From Configuring the AWS CLI:

The AWS CLI uses a provider chain to look for AWS credentials in a number of different places, including system or user environment variables and local AWS configuration files.

The AWS CLI looks for credentials and configuration settings in the following order:

1. Command Line Options – region, output format and profile can be specified as command options to override default settings.

2. Environment Variables – AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc.

3. The AWS credentials file – located at ~/.aws/credentials on Linux, macOS, or Unix, or at C:\Users\USERNAME \.aws\credentials on Windows. This file can contain multiple named profiles in addition to a default profile.

4. The CLI configuration file – typically located at ~/.aws/config on Linux, macOS, or Unix, or at C:\Users\USERNAME \.aws\config on Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each.

5. Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered through the Amazon EC2 metadata service.

It is also possible that you have the AWS_DEFAULT_PROFILE set, which overrides which credentials are used in the configuration file.

来源：https://stackoverflow.com/questions/44541746/iam-credentials-not-found-on-aws-cli