AWS CLI listing S3 buckets gives SignatureDoesNotMatch error using IAM user credentials

Piyush dhore picture Piyush dhore · Jun 19, 2016 · Viewed 29.4k times · Source

I am using AWS cli on Ubuntu 16.04 LTS, I am trying to list all buckets. In aws configure I have input the IAM user access key and IAM user secret key. This IAM user has permissions to list bucket and can list bucket in console.But using AWS cli with these keys and running command - aws s3 ls it is giving me this error.

A client error (SignatureDoesNotMatch) occurred when calling the ListBuckets operation: The request signature we calculated does not match the signature you provided. Check your key and signing method.

I have created a policy to list buckets for this particular IAM user also.

I want to perform further sync operations and make all files public operations via a shell script using this IAM user credentials and do not want to use root credential.

Answer

schmudu picture schmudu · Mar 19, 2018

Found my issue. I had old AWS keys in my environment variables. If you have environment variables named

AWS_SECRET_ACCESS_KEY
AWS_ACCESS_KEY_ID

the awscli will use those values instead of what is provided via ~/.aws/credentials.

Try running printenv | grep AWS and verify that those values aren't set. If so then just run a

unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID

and you should be good to go.