aws / aws-cli

Universal Command Line Interface for Amazon Web Services

ec2 import-image --dry-run incorrectly reports user's ability to perform ec2:ImportImage #1574

Closed sysv closed 8 years ago

sysv commented 8 years ago

With this configuration:

$ aws --version
aws-cli/1.8.12 Python/2.7.10 Darwin/15.0.0

The AWS-CLI is not reporting user permission as to whether the user can actually upload EC2 images (or not). I get the following output, with an AWS account that does not have the ability to upload images. The command should report back, using the sole arg --dry-run, and with no additional arguments, a simple check to see whether I am doing an 'UnauthorizedOperation' or not, w.r.t. being able to upload images. Here is how to reproduce:

Case I: Perform a Dry-Run upload, w/o any other arg, to confirm permissions to upload. AWS-CLI incorrectly reports user has permissions to upload, which is not true.

$ aws ec2 import-image --dry-run
A client error (DryRunOperation) occurred when calling the ImportImage operation: Request would have succeeded, but DryRun flag is set.

Case II: Attempt an upload with mostly a full set of args, without the --dry-run flag set, and then AWS-CLI finally reports in stdio/stderr the lack of user-permissions to upload.

$ aws ec2 import-image --description Windows_Server_2012 --license-type BYOL --architecture x86_64 --platform Windows 
A client error (UnauthorizedOperation) occurred when calling the ImportImage operation: You are not authorized to perform this operation.

mtdowling commented 8 years ago

The CLI relies on the Amazon EC2 API to determine if a request with --dry-run will succeed or not. We've seen a lot of requests for better --dry-run support from EC2, but this is something that must be implemented server side. We will forward this issue to the EC2 API team as a feature request for better dry run support.

sysv commented 8 years ago

ok/thx
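
Added example, not part of the thread or of the aws-cli project: a shell helper that reads the error text from a `--dry-run` call conservatively, treating `DryRunOperation` as inconclusive because Case I returned it for a principal that Case II shows was rejected. The function names are hypothetical, and the two demo messages are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example: interpret AWS CLI error text for an EC2 --dry-run check.
# Function names are hypothetical; messages in the demo are quoted from this thread.

# Pull CODE out of "... (CODE) ... when calling the X operation: ...".
# The pattern is loose about the words around the code.
error_code() {
    printf '%s\n' "$1" |
        sed -n 's/.*(\([A-Za-z0-9.]*\)) .*when calling.*/\1/p' | head -n 1
}

# Verdict for the output of a --dry-run call.
#   denied        server refused the action outright
#   inconclusive  DryRunOperation: the thread shows this returned for a
#                 principal whose real ImportImage call was rejected
#   error         some other failure (bad parameters, throttling, ...)
#   unknown       no error code found in the text
dry_run_verdict() {
    case "$(error_code "$1")" in
        UnauthorizedOperation) echo denied ;;
        DryRunOperation)       echo inconclusive ;;
        "")                    echo unknown ;;
        *)                     echo error ;;
    esac
}

# Compare a dry-run result with the result of the real call and flag the
# disagreement reported in this issue.
compare_runs() {
    dry=$(dry_run_verdict "$1")
    real=$(error_code "$2")
    if [ "$dry" = inconclusive ] && [ "$real" = UnauthorizedOperation ]; then
        echo mismatch
    elif [ "$dry" = denied ] && [ "$real" = UnauthorizedOperation ]; then
        echo consistent
    else
        echo unverified
    fi
}

# Demo on the two messages from Case I and Case II.
# Live use: out=$(aws ec2 import-image --dry-run 2>&1 || true)
CASE1='A client error (DryRunOperation) occurred when calling the ImportImage operation: Request would have succeeded, but DryRun flag is set.'
CASE2='A client error (UnauthorizedOperation) occurred when calling the ImportImage operation: You are not authorized to perform this operation.'
echo "dry-run verdict: $(dry_run_verdict "$CASE1")"
echo "dry-run vs real: $(compare_runs "$CASE1" "$CASE2")"
```

Only `denied` is treated as a definite answer here; a pre-flight check that gates an import job on the dry-run result should fail closed on anything else.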