# AWS CLI v2
{% hint style="success" %}
Given that WorkSpaces Manager (WSM) runs on Windows, we are not adding specifics for Linux or MacOSX.
{% endhint %}
Below are the steps to install AWS CLI v2 on WSM (Windows-based) and perform basic troubleshooting to validate credentials and permissions. Use the official [AWS website](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) for information.
## **Step 1: Install AWS CLI v2**
1. From PowerShell, as an elevated user (Administrator), run the `.msi` installer with command:
```powershell
msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi
```
1. Follow the on-screen instructions to complete the installation.
2. Confirm the installation by opening a command prompt and running:
```powershell
aws --version
```
The output should display the installed version of AWS CLI.
{% hint style="warning" %}
If you don't have **Access keys**, you'll need to create them for some of these commands. To do this, navigate to your IAM user on the AWS console, go to the **Security Credentials** section, scroll down, and create a new set of access keys. Be sure to download and save the file securely, as the secret key will only be visible at the time of creation and cannot be retrieved later from the console.
{% endhint %}
## **Step 2: Check AWS CLI configuration**
* Run the configuration command to to display the current credentials, ensuring they are set to a type of "iam-role":
```
aws configure list
```
* This command will show:
* **Configured credentials**
* **Profile**
* **Default Region Name** (e.g., `eu-central-1`)
Run the configuration command to to display the current credentials, ensuring they are set to a type of "iam-role":
* To see the active credentials and their source:
```
aws sts get-caller-identity
```
This command returns the AWS account ID, user/role ARN, and the user/role making the call.
## Step 3: Test Access to AWS Endpoints
Run a simple command to verify connectivity to the relevant AWS services:
* WorkSpaces:
```
aws workspaces describe-workspaces
```
* Directories:
```
aws ds describe-directories
```
* S3 (if applicable):
```
aws s3 ls
```
If the commands return valid results, your configuration and permissions are correct.
## Step 4: Debugging Permission Issues
* If a command fails with a `403 Access Denied` or `You are not authorized to perform this operation` error, verify:
* The IAM Policy and Instance Role attached to the EC2 Instance includes the necessary permissions.
* The resource (e.g., WorkSpaces or Directories) exists in the configured region.
* Use the `--debug` flag to get more details about the API call:
```
aws workspaces describe-workspaces --debug
```
Look for errors such as missing permissions or endpoint issues.
## Step 5: Verify Network Connectivity
* Ensure your WSM instance can access AWS endpoints.
* Test connectivity to the AWS WorkSpaces Service Endpoints via browser:
```
https://workspaces..amazonaws.com
```
Example:
{% embed url="" %}
* If there is a response, even in form of error, we can assume that there is connectivity.
* If connectivity fails, check the network settings, such as VPC, security groups, firewall and proxy configuration.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.nuvens.cloud/install/appendices/aws-cli-v2.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.