AWS CLI Unable To Locate Credentials | A Quick Guide

“AWS CLI Unable To Locate Credentials” is an issue that can happen when you try to access AWS services through the AWS Command Line Interface (CLI). This error means that the CLI can’t find the access keys or IAM roles it needs to work with AWS resources. Usually, you have to configure or provide the correct credentials to fix this.

Understanding the Causes

The “Unable to locate credentials” error is usually caused by one of two things:

1. Wrong Configuration: If your AWS credentials are not set up properly in the AWS CLI, the CLI won’t be able to find the necessary credentials for authentication.
2. An Outdated Version of the AWS CLI: This mistake can also happen if you use an old version of the AWS CLI. To avoid compatibility problems, it’s important to keep your AWS CLI up to date.

Verifying AWS CLI Configuration

To fix the problem, you must make sure that your AWS credentials are set up correctly. You can use the following command to see if the AWS Command Line Interface (CLI) is set up with the necessary credentials:

$ aws configure list

When details are set up in the AWS CLI config file, the command will return something like this:

Name                    Value                    Type            Location
----                    -----                    ----            --------
profile                                 None            None
access_key             ****************ABCD      config_file    ~/.aws/config
secret_key             ****************ABCD      config_file    ~/.aws/config
region                 us-west-1 env AWS_DEFAULT_REGION

If environment settings are used to set up credentials, the answer will be something like this:

Name                   Value                     Type            Location
----                   -----                     ----            --------
profile                                 None            None
access_key             ****************N36N      env    
secret_key             ****************cxxy      env    
region                                  None            None

If the credentials are set up in a profile, for instance, the answer will look like this:

Name                    Value                    Type              Location
----                    -----                    ----              --------
profile                                 None               None
access_key             ****************YVEQ      iam-role
secret_key             ****************2a9N      iam-role
region                                  None               None

If the command gives the following result, it means that no passwords have been set up:

Name                    Value             Type                Location
----                    -----             ----                --------
profile                          None                None
access_key                       None                None
secret_key                       None                None
region                           None                None

By looking at the answer to the ‘aws configure list’ command, we can tell if the passwords are missing or wrong.

Setting and Viewing Credentials

With the AWS CLI, you can use the ‘aws configure’ tool to set and see your credentials, region, and output format, as well as to change them. Here’s what I mean:

AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE  
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY  
Default region name [None]: us-west-2  
Default output format [None]: json

Also, you can set any credentials or setup settings with the ‘aws configure set’ command. With the ‘–profile’ setting, you can tell the program which character you want to change. Forinstance, the following command changes the region for the “Codeyo Genie” profile:

aws configure set region us-west-2 --profile Codeyo Genie

Use an empty string as the value to get rid of a setting, or use a text editor to delete the setting from the config and password files. For example, the “Codeyo Genie” profile’s CLI pager setting can be taken away with the following command:

aws configure set cli_pager "" --profile Codeyo Genie

Don’t forget that keeping your AWS CLI version up-to-date is a must if you want to avoid mistakes. Make sure you are always using the latest version of the AWS CLI by checking for changes.

The Way Things Really Are

Let’s look at a real-world situation in which a user gets the “Unable to locate credentials” error while running a shell script that downloads files from S3 and mounts an EBS drive. The customer gets the error message “Unable to locate credentials.” This is the code that the person used:

AWS_CONFIG_FILE="~/.aws/config"

echo $1

sudo mkfs -t ext4 $1
sudo mkdir /s3-backup-test
sudo chmod -R ugo+rw /s3-backup-test
sudo mount $1 /s3-backup-test

sudo aws s3 sync s3://backup-test-s3 /s3-backup/test

du -h /s3-backup-test

When we looked at the code, we saw that the person was running the script with ‘sudo’ but using their normal user credentials. To fix the “unable to locate credentials” error, our support team suggests either running all AWS-related operations as root or running them as a normal user. The problem is caused by the fact that ‘sudo’ changes the ‘$HOME’ path to ‘/root’ and removes important bash variables from the environment, such as ‘AWS_CONFIG_FILE’.

Conclusion

In this detailed guide to fixing problems, we looked at the “Unable to locate credentials” error that AWS CLI users often get. You can fix this error by checking and fixing the AWS CLI configuration, setting and viewing credentials correctly, and knowing what could go wrong in the real world. Make sure that your AWS CLI version is always up to date and that you follow best practices when working with AWS.