AWS Check Script

A quick way to confirm that AWS is set up to some minimal level of "working."

Things to check

  • aws cli is installed and in the PATH by checking its version
  • The aws cli has an active login (returns the role in the ARN)
  • TODO: check permissions match some minimum via aws iam list-attached-role-policies --role-name <ROLE> and aws iam get-policy

Example scripts

AWS uses environment variables to change the behavior of the AWS CLI on a per-session basis. These can be overridden by using specific command-line options.

See Environment variables to configure the AWS CLI (archive.org link so you see it the same way I'm seeing it as this gets written.)

  • AWS_REGION: the region you'll be sending AWS requests into. This does not need to match the region you're creating resources in.
  • AWS_PROFILE: the login profile you're using to establish your AWS credentials. This must match the profile name used when the SSO credential profile was created with aws configure sso --profile <NAME>, which is the same as the value provided to the "CLI profile name" prompt.

Bash

Bash environment setup:

export AWS_REGION="us-east-2" # or whatever region you use for SSO logins
export AWS_PROFILE="sbonds-manning-2" # Your profile name will be different

Bash script:

#!/bin/bash

# Simple error handling function that displays the message passed in and exits with a nonzero status indicating a problem
function bail {
  echo "FAILED: ${1:-"DOUBLE FAIL: No error message provided"}" 1>&2
  exit 1
}

echo "Checking aws --version"
# If you just installed the AWS CLI, to get the changes it makes to your PATH usually you need to close
# the current bash shell (e.g. log out) and start a new one (e.g. log back in again.)
if aws --version; then echo "aws --version: OK"; else bail "Problem running 'aws --version', check that the AWS CLI is installed and in your PATH"; fi

echo "Checking aws sts get-caller-identity"
# There's a lot that can go wrong here, which is why this is used as a check. This ensures that the AWS CLI has some sort of
# identity associated with it, usually by completing an `aws sso login` process.
if aws sts get-caller-identity; then echo "aws sts get-caller-identity: OK"; else bail "Problem running 'aws sts get-caller-identity', check that you have set up an aws login for the aws CLI"; fi
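
One way to start on the TODO permission check from the list above, as an added example that is not part of the original page: it pulls the role name out of the ARN that aws sts get-caller-identity returns and compares the role's attached managed policy ARNs with a minimum list passed as arguments. The function names, the script name and the sample policy ARN in the usage comment are assumptions, and policy documents (aws iam get-policy) are not inspected.

```bash
#!/bin/bash
# Added example (not from the original page). Usage, with a sample policy ARN:
#   ./check-policies.sh arn:aws:iam::aws:policy/ReadOnlyAccess

# Print the role name from an assumed-role (STS) or role (IAM) ARN.
# Returns 1 for any other identity (IAM user, root): no role to inspect.
role_from_arn() {
  case "$1" in
    arn:aws*:sts::*:assumed-role/*/*)   # ...:assumed-role/<ROLE>/<session>
      rest="${1#*:assumed-role/}"
      printf '%s\n' "${rest%%/*}" ;;
    arn:aws*:iam::*:role/*)             # ...:role/<optional/path/><ROLE>
      printf '%s\n' "${1##*/}" ;;
    *) return 1 ;;
  esac
}

# Print each policy ARN in $1 (whitespace-separated) that is not a line of $2.
# Returns 0 only when nothing is missing.
missing_policies() {
  missing=0
  for want in $1; do
    if ! printf '%s\n' "$2" | grep -Fqx -- "$want"; then
      printf '%s\n' "$want"
      missing=1
    fi
  done
  return "$missing"
}

# Live check: needs iam:ListAttachedRolePolicies, and sees managed policies
# only (inline ones are listed by `aws iam list-role-policies`).
check_min_policies() {
  arn=$(aws sts get-caller-identity --query Arn --output text) || return 1
  role=$(role_from_arn "$arn") || { echo "FAILED: $arn is not a role" 1>&2; return 1; }
  attached=$(aws iam list-attached-role-policies --role-name "$role" \
    --query 'AttachedPolicies[].PolicyArn' --output text) || return 1
  attached=$(printf '%s\n' "$attached" | tr '\t' '\n')
  if gaps=$(missing_policies "$*" "$attached"); then
    echo "minimum policies for $role: OK"
  else
    echo "FAILED: $role is missing: $gaps" 1>&2
    return 1
  fi
}

# Only touch AWS when required policy ARNs were given on the command line.
if [ "$#" -gt 0 ]; then check_min_policies "$@" || exit 1; fi
```

Run with no arguments, the script only defines its functions and makes no AWS calls.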