Simplify AWS CLI Troubleshooting with My Custom Debug Script

Working with AWS CLI can sometimes feel like navigating a maze, especially when it comes to managing credentials and configurations. Misconfigurations or missing credentials can halt your work, leading to frustration and lost productivity. To address this common issue, I’ve crafted a handy Bash script to streamline the debugging process for AWS CLI credentials.

What Does the Script Do?

This script serves as a diagnostic tool, systematically checking various aspects of your AWS configuration. It outputs crucial information regarding your AWS environment, making it easier to identify and fix issues. Here’s a rundown of its features:

Here is a usage example:

$ ./debug-aws-credentials.sh

================== Environment variables =======================================
AWS_PROFILE not set
AWS_ACCESS_KEY_ID not set
AWS_SECRET_ACCESS_KEY not set
AWS_SESSION_TOKEN not set

================== aws configure list ==========================================
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key                <not set>             None    None
secret_key                <not set>             None    None
    region                <not set>             None    None

================== aws sts get-caller-identity =================================

Unable to locate credentials. You can configure credentials by running "aws configure".

================== aws configure list-profiles =================================
terraform
management-admin
security-admin

================== ~/.aws/config ===============================================
[profile terraform]
sso_start_url = https://aws-short-edition.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 866109354512
sso_role_name = AdministratorRole
region = eu-west-1
output = yaml

[profile management-admin]
sso_start_url = https://aws-short-edition.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 866109354512
sso_role_name = AdministratorRole
region = eu-west-1
output = yaml

[profile security-admin]
sso_start_url = https://aws-short-edition.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 274407225643
sso_role_name = AdministratorRole
region = eu-west-1
output = yaml


================== versions ====================================================
aws-cli/2.3.1 Python/3.8.8 Darwin/21.6.0 exe/x86_64 prompt/off
EB CLI 3.20.9 (Python 3.11.5 (main, Aug 24 2023, 15:23:30) [Clang 14.0.0 (clang-1400.0.29.202)])
Python 3.11.5
Terraform v1.5.0
on darwin_amd64

Your version of Terraform is out of date! The latest version
is 1.6.6. You can update by downloading from https://www.terraform.io/downloads.html

Environment Variables Verification

Firstly, the script checks for the presence of essential AWS environment variables: AWS_PROFILE, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. It reports whether these variables are set and, if so, whether they are populated or empty.

AWS Configuration Listings

Next, the script executes aws configure list, displaying the current configuration status.

Identity Confirmation

By running aws sts get-caller-identity, the script confirms the identity that the AWS CLI is operating under and whether or not it is recognized by the AWS API.

Profile Listings

The script also lists all the configured profiles through aws configure list-profiles. This is particularly useful in environments where multiple profiles are used.

Config File Display

It prints the contents of the ~/.aws/config file. This file typically contains your AWS CLI configurations and is a common source of issues.

Version Checks

Finally, the script checks the versions of various AWS-related tools such as AWS CLI, Elastic Beanstalk CLI, Python, and Terraform. Version mismatches can often lead to unexpected errors.

Customizable for Specific Profiles

An additional feature of the script is its ability to take a profile name as an argument. If provided, it will run the aws configure list and aws sts get-caller-identity commands for that specific profile, further aiding in debugging issues related to specific AWS CLI profiles.

Script code
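
A sketch of a script with the behaviour described above, written as an added example and not the author's original script. The function names, the "set but empty" / "set (value hidden)" wording and the redaction of secrets found in ~/.aws/config are assumptions of this example.

```shell
#!/bin/sh
# Added example: diagnostic report for AWS CLI credentials.
# Usage: ./debug-aws-credentials.sh [profile-name]

section() { printf '\n================== %s ==================\n' "$1"; }

# Report whether a variable is unset, empty or populated without ever
# echoing its value (it may hold a live credential).
# $1 is only ever one of the fixed names below, so eval is safe here.
var_state() {
    if ! eval "[ -n \"\${$1+x}\" ]"; then echo "$1 not set"
    elif eval "[ -z \"\${$1}\" ]"; then echo "$1 set but empty"
    else echo "$1 set (value hidden)"
    fi
}

# Mask static secrets that may be stored in the config file (assumed extra step).
redact() {
    sed -E 's/^([[:space:]]*(aws_secret_access_key|aws_session_token)[[:space:]]*=[[:space:]]*).*/\1<redacted>/'
}

# Run a tool if it is installed; a failing command never aborts the report.
try() {
    if command -v "$1" >/dev/null 2>&1; then "$@" 2>&1 || true
    else echo "$1 not installed"; fi
}

main() {
    profile="${1:-}"   # optional profile name
    section "Environment variables"
    for v in AWS_PROFILE AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
        var_state "$v"
    done
    section "aws configure list"
    try aws configure list ${profile:+--profile "$profile"}
    section "aws sts get-caller-identity"
    try aws sts get-caller-identity ${profile:+--profile "$profile"}
    section "aws configure list-profiles"
    try aws configure list-profiles
    section "~/.aws/config"
    if [ -r "$HOME/.aws/config" ]; then redact < "$HOME/.aws/config"
    else echo "no readable config file"; fi
    section "versions"
    try aws --version
    try eb --version
    try python3 --version
    try terraform version
}

main "$@"
```

The report still contains account IDs, role names and SSO start URLs from the config file, so review it before pasting it into a ticket or chat.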
