AWS CLI v2

AWS CLI (Command Line Interface) v2 is a powerful tool that allows to manage AWS services from the command line.

Given that WorkSpaces Manager (WSM) runs on Windows, we are not adding specifics for Linux or MacOSX.

Below are the steps to install AWS CLI v2 on WSM (Windows-based) and perform basic troubleshooting to validate credentials and permissions. Use the official AWS website for information.

Step 1: Install AWS CLI v2

From PowerShell, as an elevated user (Administrator), run the .msi installer with command:

msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi

Follow the on-screen instructions to complete the installation.
Confirm the installation by opening a command prompt and running:

aws --version

The output should display the installed version of AWS CLI.

If you don't have Access keys, you'll need to create them for some of these commands. To do this, navigate to your IAM user on the AWS console, go to the Security Credentials section, scroll down, and create a new set of access keys. Be sure to download and save the file securely, as the secret key will only be visible at the time of creation and cannot be retrieved later from the console.

Step 2: Check AWS CLI configuration

Run the configuration command to to display the current credentials, ensuring they are set to a type of "iam-role":
```
aws configure list
```

This command will show:
- Configured credentials
- Profile
- Default Region Name (e.g., eu-central-1)

Run the configuration command to to display the current credentials, ensuring they are set to a type of "iam-role":

To see the active credentials and their source:

aws sts get-caller-identity

This command returns the AWS account ID, user/role ARN, and the user/role making the call.

Step 3: Test Access to AWS Endpoints

Run a simple command to verify connectivity to the relevant AWS services:

WorkSpaces:
```
aws workspaces describe-workspaces
```

Directories:
```
aws ds describe-directories
```

S3 (if applicable):
```
aws s3 ls
```

If the commands return valid results, your configuration and permissions are correct.

Step 4: Debugging Permission Issues

If a command fails with a 403 Access Denied or You are not authorized to perform this operation error, verify:
- The IAM Policy and Instance Role attached to the EC2 Instance includes the necessary permissions.
- The resource (e.g., WorkSpaces or Directories) exists in the configured region.
Use the --debug flag to get more details about the API call:
```
aws workspaces describe-workspaces --debug
```

Look for errors such as missing permissions or endpoint issues.

Step 5: Verify Network Connectivity

Ensure your WSM instance can access AWS endpoints.
Test connectivity to the AWS WorkSpaces Service Endpoints via browser:
```
https://workspaces.<region>.amazonaws.com
```

Example:

If there is a response, even in form of error, we can assume that there is connectivity.
If connectivity fails, check the network settings, such as VPC, security groups, firewall and proxy configuration.

PreviousIAM Policies in JSON format NextLDAP (Active Directory) Troubleshooting for WSM

Last updated 3 months ago