AWS CLI Client.UnauthorizedOperation even when keys are set

wislo · Jan 29, 2015 · Viewed 36.5k times

I am trying to set up AWS CLI tools and was following the instructions at http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/set-up-ec2-cli-linux.html#setting_up_ec2_command_linux

However, after following all the steps and setting up my AWS_ACCESS_KEY and AWS_SECRET_KEY, I get

$ ec2-describe-regions
Client.UnauthorizedOperation: You are not authorized to perform this operation. (Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation; Request ID: 55f02cc4-2e9f-4a0a-8b55-46bcc1973f50)

I then tried regenerating new credentials, but I am still getting the same error. I couldn't seem to find information about anyone else having this issue. I tried passing the keys using -O and -W, but that doesn't work either.

Any idea what I might be doing wrong?

Answer

lfender6445 · Jul 9, 2015

I am on the free tier and found it easier to grant the administrator policy to a single user, which supports access from all of the Amazon command line tools. You can downgrade the policy at a later time if you feel the policy is too lenient.

  1. Visit https://console.aws.amazon.com/iam/home
  2. Select policies in the left-hand menu
  3. Create an administrator policy from Amazon's existing policies
  4. Select the administrator checkbox and attach it to your user

Assuming you have set up your access keys, you should now have full command line access for the given user.

before

› ec2-describe-regions
Client.UnauthorizedOperation: You are not authorized to perform this operation. (Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation; Request ID: 3398ed18-1caf-4c04-865b-a54f796c653c)

after

› ec2-describe-regions
REGION  eu-central-1    ec2.eu-central-1.amazonaws.com
REGION  sa-east-1   ec2.sa-east-1.amazonaws.com
REGION  ap-northeast-1  ec2.ap-northeast-1.amazonaws.com
REGION  eu-west-1   ec2.eu-west-1.amazonaws.com
REGION  us-east-1   ec2.us-east-1.amazonaws.com
REGION  us-west-1   ec2.us-west-1.amazonaws.com
REGION  us-west-2   ec2.us-west-2.amazonaws.com
REGION  ap-southeast-2  ec2.ap-southeast-2.amazonaws.com
REGION  ap-southeast-1  ec2.ap-southeast-1.amazonaws.com

Amazon's UX takes some time before you get used to it.
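
An added illustration (not part of the answer above, and not AWS code) of why the same call goes from 403 to success once a policy is attached, and of what a downgraded policy could look like: a simplified model of IAM identity-policy evaluation. It covers only Action matching and Allow/Deny precedence; Resource matching, conditions, NotAction, SCPs and permission boundaries are ignored, and `SCOPED_POLICY` and all function names are hypothetical.

```python
import fnmatch

# Constructed policy documents in IAM JSON policy grammar, written as dicts.
ADMIN_POLICY = {  # same statement as the AWS-managed AdministratorAccess policy
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
SCOPED_POLICY = {  # hypothetical narrower policy: EC2 describe calls only
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}],
}


def _as_list(value):
    # IAM allows a single string/object wherever a list is accepted.
    return value if isinstance(value, list) else [value]


def _matches(statement, action):
    # Action names are case-insensitive; "*" and "?" act as wildcards.
    return any(
        fnmatch.fnmatchcase(action.lower(), pattern.lower())
        for pattern in _as_list(statement.get("Action", []))
    )


def evaluate(policies, action):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one API action."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt, action):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit Deny overrides any Allow
            allowed = True
    # No matching Allow means the request is denied by default (the 403 above).
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    for label, attached in [("no policy", []), ("admin", [ADMIN_POLICY]),
                            ("scoped", [SCOPED_POLICY])]:
        for action in ("ec2:DescribeRegions", "ec2:TerminateInstances"):
            print(f"{label:10} {action:24} {evaluate(attached, action)}")
```

A user with valid keys but no attached policy lands in the `ImplicitDeny` branch, which is what the `UnauthorizedOperation` error in the question reports.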