如何测试AWS Command Line Tools的凭证 [英] How to test credentials for AWS Command Line Tools

问题描述

是否存在可以传递给aws实用程序的命令/子命令，该命令/子命令可以1)验证~/.aws/credentials文件中的凭据是否有效，以及2)给出凭据所属的用户的某些指示?我正在寻找一种通用的东西，它不会对用户拥有IAM或任何特定服务的权限做出任何假设.

Is there a command/subcommand that can be passed to the aws utility that can 1) verify that the credentials in the ~/.aws/credentials file are valid, and 2) give some indication which user the credentials belong to? I'm looking for something generic that doesn't make any assumptions about the user having permissions to IAM or any specific service.

此用例是部署时的健全性检查，以确保凭据正确.理想情况下，如果凭据无效，将有某种方法可以检查返回值并中止部署.

The use case for this is a deploy-time sanity check to make sure that the credentials are good. Ideally there would be some way to check the return value and abort the deploy if there are invalid credentials.

推荐答案

使用 GetCallerIdentity :
aws sts get-caller-identity

与其他API/CLI调用不同，无论您具有IAM权限如何，它始终可以正常工作.

Unlike other API/CLI calls it will always work, regardless of your IAM permissions.

您将获得以下格式的输出:

You will get output in the following format:

{
    "Account": "123456789012", 
    "UserId": "AR#####:#####", 
    "Arn": "arn:aws:sts::123456789012:assumed-role/role-name/role-session-name"
}

完全 ARN格式取决于凭据的类型，但通常包括(人类)用户的名称.

Exact ARN format will depend on the type of credentials, but often includes the name of the (human) user.

它使用标准的 AWS CLI错误代码如果成功，则给出0，如果没有凭据，则给出255.

It uses the standard AWS CLI error codes giving 0 on success and 255 if you have no credentials.

这篇关于如何测试AWS Command Line Tools的凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！