{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 手持菜刀,她持情操 的问题《AWS validating Credentials》','https://www.manongdao.com/q-1087734.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Say I get a set of access keys from a user, Is there a way to validate them?
For now I'm making simple API calls to methods like, describeVolumes(), describeLoadBalancers() or describeAddresses() and work with Exception codes to validate the Credentials.
But what if I don't know the service? Is there a better way to validate the Credentials?
If you simply wish to validate whether the Credentials are "correct", then your current method is good:
InvalidAccessKeyIdthen the credentials are invalidThis is different to checking whether the user has Permissions to make the API call. Determining whether they have the correct permissions could be done using the IAM Policy Simulator or by attempting a call and checking the response (eg
AccessDenied).Take a look at the AWS IAM API, specifically the GetUser function. From the description: