Lots of people use aws s3 ls
to check that they have valid credentials.
If it succeeds, they assume they are good to go.
Even AWS blog tutorials often use it.
They're all wrong.
There's multiple things wrong with using aws s3 ls
to check credential validity.
The first is that it has an IAM permission, s3:ListAllMyBuckets
, associated with it.