garnaat
commented
11 years ago My first question is, what version of aws-cli (and botocore) are you using?
Secondly, could you try running the command with the --debug option?
Thanks
Closed bortels closed 11 years ago
garnaat
commented
11 years ago My first question is, what version of aws-cli (and botocore) are you using?
Secondly, could you try running the command with the --debug option?
Thanks
bortels
commented
11 years ago Let's see --- aws is 0.6.0, botocore is 0.6.0 as well.
Here's the fail --debug:
W015190:Desktop bortels$ aws iam list-users --debug --profile audit 2013-02-25 08:57:03,816 - botocore.base - DEBUG - Attempting to Load: aws/_services/iam 2013-02-25 08:57:03,817 - botocore.base - DEBUG - Attempting to Load: aws 2013-02-25 08:57:03,817 - botocore.base - DEBUG - Attempting to Load: aws/_services 2013-02-25 08:57:03,817 - botocore.base - DEBUG - Found data file: /Library/Python/2.7/site-packages/botocore-0.6.0-py2.7.egg/botocore/data/aws/_services.json 2013-02-25 08:57:03,818 - botocore.base - DEBUG - Attempting to Load: aws/_services/iam 2013-02-25 08:57:03,818 - botocore.base - DEBUG - Attempting to Load: aws/iam 2013-02-25 08:57:03,851 - botocore.base - DEBUG - Found data file: /Library/Python/2.7/site-packages/botocore-0.6.0-py2.7.egg/botocore/data/aws/iam.json Traceback (most recent call last): File "/Library/Python/2.7/site-packages/awscli-0.6.0-py2.7.egg/awscli/clidriver.py", line 259, in call endpoint_url=self.args.endpoint_url) File "/Library/Python/2.7/site-packages/botocore-0.6.0-py2.7.egg/botocore/service.py", line 107, in get_endpoint region_name=region_name) ServiceNotInRegionError: Service iam not available in region us-west-1
In the successful run, the context changes after trying to load iam.json:
2013-02-25 08:57:19,039 - botocore.base - DEBUG - Attempting to Load: aws/iam 2013-02-25 08:57:19,076 - botocore.base - DEBUG - Found data file: /Library/Python/2.7/site-packages/botocore-0.6.0-py2.7.egg/botocore/data/aws/iam.json 2013-02-25 08:57:19,102 - botocore.credentials - INFO - Found credentials in config file 2013-02-25 08:57:19,102 - botocore.operation - DEBUG - {} 2013-02-25 08:57:19,102 - botocore.operation - DEBUG - {} ... and so on for a successful execution.
I do notice looking in that file the following:
"metadata": {
"regions": {
"us-east-1": "https://iam.amazonaws.com/",
"us-gov-west-1": "https://iam.us-gov.amazonaws.com/"
},My default region is us-west-1; if I force "us-east-1", it works with the --profile, giving me an ugly but serviceable workaround, given IAM is realmless.
FWIW - I tried simply adding "us-west-1" to the bit of XML above, same error, so there's something deeper going on than it simply being missing from the list.
Thanks for the boost - I'm moving forward again, and hopefully the above gives what is needed to fix this. If I can provide any other info, please let me know.
garnaat
commented
11 years ago I think the issue with the handling of the default endpoint for services with global endpoints has been fixed. Are you still having problems with this?
bortels
commented
11 years ago Sorry for the delay in replying - no, this seems to be working fine now. Thanks!
jamesls
commented
11 years ago Good to hear, closing now.
Here's hoping it's not my own error...
I'm trying to make an IAM audit account - when I run with master credentials, it works:
W015190:~ bortels$ aws iam list-users | grep Name "UserName": "audit", "UserName": "cloudability", ... and more
But when I use my IAM credentials (either the default "read-only" set, or the default "admin" set), it fails:
W015190:~ bortels$ aws iam list-users --profile audit Service iam not available in region us-west-1
No help blowing away the default region: W015190:~ bortels$ export AWS_DEFAULT_REGION= W015190:~ bortels$ aws iam list-users --profile audit Service iam not available in region
-- bortels@gmail.com