AWS CLI listing S3 buckets gives SignatureDoesNotMatch error using IAM user credentials
Solution 1
Found my issue. I had old AWS keys in my environment variables. If you have environment variables named
AWS_SECRET_ACCESS_KEY
AWS_ACCESS_KEY_ID
the awscli will use those values instead of what is provided via ~/.aws/credentials
.
Try running printenv | grep AWS
and verify that those values aren't set. If so then just run a
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
and you should be good to go.
Solution 2
In my case, this was due to incorrect aws_secret_access_key
.
To check, open the file ~/.aws/credentials by typing:
cat ~/.aws/credentials
The content should be something like below:
[default]
aws_access_key_id = xxx
aws_secret_access_key = xx
See if the aws_access_key_id
& aws_secret_access_key
matches your credentials. If it doesn't, edit and save changes.
p/s: If you don't remember your aws_secret_access_key
, generate a new key and secret by going to aws console --> your name --> My Security Credentials.
Then click 'Create access key':
Take note that you can only have two access keys at a time.
Solution 3
This error is because of incorrect aws s3 access key/secret key.
Solution 4
It means that your AWS security credentials got expired. Simply creating new credentials will work.
- Go to your AWS account -> My security credentials
- click on
Create New Access Key
. Make a note of access key id and secret access key - Run
aws configure
and enter new credentials
Solution 5
Can happen even when the machine time is not in sync with the NT server.
sudo ntpdate ntp.ubuntu.com
helped me solve this problem.
Piyush dhore
Updated on August 26, 2021Comments
-
Piyush dhore over 2 years
I am using AWS cli on Ubuntu 16.04 LTS, I am trying to list all buckets. In aws configure I have input the IAM user access key and IAM user secret key. This IAM user has permissions to list bucket and can list bucket in console.But using AWS cli with these keys and running command - aws s3 ls it is giving me this error.
A client error (SignatureDoesNotMatch) occurred when calling the ListBuckets operation: The request signature we calculated does not match the signature you provided. Check your key and signing method.
I have created a policy to list buckets for this particular IAM user also.
I want to perform further sync operations and make all files public operations via a shell script using this IAM user credentials and do not want to use root credential.