Validate a User's Credentials with AWS CLI

avatar

Borislav Hadzhiev

Last updated: Sep 20, 2021

banner

Check out my new book

Validating a User's Credentials with AWS CLI #

To validate a user's credentials with the AWS CLI, run the sts get-caller-identity command. The command returns details about the user's credentials if they are valid, otherwise it throws an error.

Let's run the get-caller-identity command on the default profile:

shell
aws sts get-caller-identity

default profile valid user

The output of the command shows that the caller has been successfully identified, therefore their credentials are valid.

To validate the credentials of a named profile with AWS CLI, run the sts get-caller-identity command passing in the --profile parameter.

shell
aws sts get-caller-identity --profile YOUR_PROFILE

named profile valid user

The output shows that the named profile also has valid credentials.

Let's now test the other scenario. I'll update the secret access key of the default profile to be incorrect and then I'll rerun the sts get-caller-identity command.

shell
aws sts get-caller-identity

default profile invalid user

The get-caller-identity command was unable to identify the caller because the configured secret access key is incorrect and we got a SignatureDoesNotMatch error.

Further Reading #

Use the search field on my Home Page to filter through my more than 3,000 articles.