astroctl_cloud_aws_selfHosted_validate
astroctl cloud aws selfHosted validate
Pre-flight validation of AWS credentials and resources
Synopsis
Validate AWS credentials and self-hosted prerequisites without storing anything.
Checks:
- AWS credentials are valid (STS GetCallerIdentity)
- Account ID matches the detected value (or --account-id if provided)
- S3 state store bucket exists and is accessible
Credentials are resolved in this order:
- Explicit --access-key / --secret-key flags
- --profile flag (reads from ~/.aws/credentials)
- Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
- Default credential chain (~/.aws/credentials default profile, EC2 instance role, etc.)
astroctl cloud aws selfHosted validate [flags]
Examples
# Validate with auto-detected credentials (from env or ~/.aws/credentials)
astroctl cloud aws selfHosted validate --bucket prod-astro-plane-k8s-state-store --region us-west-2
# Validate with a named AWS profile
astroctl cloud aws selfHosted validate --profile prod \
--bucket prod-astro-plane-k8s-state-store --region us-west-2
# Validate with explicit credentials
astroctl cloud aws selfHosted validate --account-id 123456789012 \
--access-key AKIA... --secret-key ... --bucket prod-astro-plane-k8s-state-store --region us-west-2
Options
--access-key string AWS access key ID (or set AWS_ACCESS_KEY_ID)
--account-id string AWS account ID (12 digits) — optional, auto-detected from credentials
--bucket string S3 bucket name for state store (required)
-h, --help help for validate
--profile string AWS profile name from ~/.aws/credentials
--region string AWS region (e.g., us-west-2) (required)
--secret-key string AWS secret access key (or set AWS_SECRET_ACCESS_KEY)
--session-token string AWS session token (or set AWS_SESSION_TOKEN)
Options inherited from parent commands
-o, --output string Output format (json|yaml) (default "yaml")
SEE ALSO
- astroctl cloud aws selfHosted - Self-hosted cluster prerequisite management