Wrong/old AWS IAM Users showing on aws cli

0

AWS CLI showing different users than 'Correct users' in AWS Cloudshell or AWS Console browser. I think the AWS CLI is connected to old root account that had these users, however, I have created another Amazon root-user-account but cannot see them in aws cli. Commands used on cli (windows):

  1. 'aws configure' -> entered the new user access-key-id and secret-access-key, these updated the '.aws\credentials' and '.aws\config'
  2. 'aws iam list-users' -> list of users are not the users newly created
  3. 'aws sts get-caller-identity' -> doesn't show the new user-id

Please inform the steps to see the IAM users created with new aws root-user-account.

2 Answers
0
Accepted Answer

Hello.

Are you running the command on your local Windows PC?
Can you confirm that the access key settings are read from the credential file when you run the command below?

aws configure list

Below is an example of the response when the command is executed.
If the type column is "env", it is read from environment variables, so please check if the environment variables of your Windows PC are set.

      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************ABCD shared-credentials-file
secret_key     ****************EDGH shared-credentials-file
    region                us-east-2      config-file    ~/.aws/config
EXPERT
answered 2 years ago
EXPERT
reviewed a year ago
  • Hi Riku, The response of the 'aws configure list' on my Windows PC

          Name                    Value             Type    Location
          ----                    -----             ----    --------
       profile              ga****-****              env    ['AWS_PROFILE', 'AWS_DEFAULT_PROFILE']
    access_key     ****************7YGU              env
    secret_key     ****************8DI5              env
        region                us-east-1              env    ['AWS_REGION', 'AWS_DEFAULT_REGION']

    However, these access_key and secret_key are not matching the one created with new root-user account. Looks like these are from previous aws account.

  • Thank you for confirmation. Access keys have an order in which they are loaded, and if they are set in an environment variable, they will be loaded first. In your case, the access key is read from the environment variable, so please check whether the access key is set in the environment variable of the Windows PC. If it is set as an environment variable, delete it and it will be read from the credentials file.

    Control Panel -> System and Security -> System -> Advanced System Settings -> Environment Variables
    
  • Hi Riku, Thanks for advice! Removing the aws access_key system environments, I am able to see the correct users.

0

It sounds like your AWS CLI is still pulling credentials from an older session, even after updating your config. A couple of things to check:

Run aws sts get-caller-identity again after clearing any environment variables:

unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

Make sure you’re using the correct profile:

aws iam list-users --profile your-new-profile

If you're still seeing old users, double-check that the access keys you used actually belong to the new account — not a reused IAM user.

Also, remember that IAM users are account-specific — you won’t see users from one root account in another, even if the email addresses or names are similar.

answered a month ago
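
To find which Windows scope holds the stale keys that the accepted answer describes, the following added example (not part of the original thread) lists AWS_* variables in the Machine, User and Process scopes with secrets masked. The `-Remove` switch is a name chosen for this example; without it the script only reports.

```powershell
# Added example: audit AWS_* environment variables that override ~\.aws files.
param([switch]$Remove)   # hypothetical switch: delete the variables that are found

# Variables that supply credentials or redirect the CLI away from the default files.
$names = 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN',
         'AWS_PROFILE', 'AWS_DEFAULT_PROFILE', 'AWS_REGION', 'AWS_DEFAULT_REGION',
         'AWS_SHARED_CREDENTIALS_FILE', 'AWS_CONFIG_FILE'

function Mask([string]$v) {
    # Show only the last 4 characters, the way `aws configure list` does.
    if ($v.Length -le 4) { return '****' }
    return ('*' * 16) + $v.Substring($v.Length - 4)
}

# Machine = system-wide, User = per-account, Process = this PowerShell session.
$found = foreach ($scope in 'Machine', 'User', 'Process') {
    foreach ($n in $names) {
        $v = [Environment]::GetEnvironmentVariable($n, $scope)
        if ($v) {
            $shown = if ($n -match 'KEY|TOKEN') { Mask $v } else { $v }
            [pscustomobject]@{ Scope = $scope; Name = $n; Value = $shown }
        }
    }
}

if (-not $found) {
    Write-Host 'No AWS_* overrides found in any scope.'
} else {
    $found | Format-Table -AutoSize
    if ($Remove) {
        foreach ($f in $found) {
            # Setting the value to $null deletes the variable.
            # Machine scope needs an elevated (Administrator) prompt.
            [Environment]::SetEnvironmentVariable($f.Name, $null, $f.Scope)
        }
        Write-Host 'Removed. Open a new terminal before re-testing.'
    }
}

# Confirm which source and identity the CLI now resolves.
aws configure list
aws sts get-caller-identity
```

Terminals that were already open keep their copy of the old variables, so re-run the two `aws` commands in a fresh window after removal.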
