AWS

IAMInvalidUserIDNotFound - IAM Invalid User ID Not Found

An **IAMInvalidUserIDNotFound** error means the IAM user you specified doesn't exist: the user might have been deleted, the name might be misspelled, or the user might be in a different AWS account. This is a client-side (4xx) error returned when AWS validates that the IAM user exists. The most common cause is a misspelled user name; it also appears when the user doesn't exist, has been deleted, is referenced with an incorrect user name format, or is in a different AWS account.

Common Causes

  • Identity: IAM user doesn't exist in account. Service Control Policy (SCP) restricts user access.
  • Network: VPC endpoint IAM user restrictions. Cross-account user access.
  • Limits: User name misspelled. User does not exist. User has been deleted. Incorrect user name format. User in different AWS account.

Solutions

  1. Step 1: Diagnose - List all IAM users: `aws iam list-users --query 'Users[*].[UserName,UserId]' --output table`. Check if user name is in the list. Verify user name spelling.
  2. Step 2: Diagnose - Search for similar user names: `aws iam list-users --query "Users[?contains(UserName, 'PARTIAL_NAME')].UserName" --output table`. Find correct user name.
  3. Step 3: Diagnose - Check if user was deleted: Review CloudTrail logs: `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=DeleteUser`. Or check user details: `aws iam get-user --user-name USER_NAME`.
  4. Step 4: Fix - Use correct user name: Verify user name from list. Check for typos. Use exact user name (case-sensitive). Verify user name format.
  5. Step 5: Fix - Create user if needed: If user doesn't exist, create it: `aws iam create-user --user-name USER_NAME`. Or verify user exists in your account: `aws iam get-user --user-name USER_NAME`.

Code Examples

List All IAM Users to Find Correct Name

```bash
#!/bin/bash
echo "=== All IAM Users ==="
aws iam list-users \
  --query 'Users[*].[UserName,UserId,CreateDate]' \
  --output table

# Search for specific user
USER_NAME="my-user"
# printf is used because bash's echo does not expand \n by default
printf '\n=== Searching for User: %s ===\n' "${USER_NAME}"

if aws iam get-user --user-name "${USER_NAME}" &>/dev/null; then
  echo "✓ User ${USER_NAME} exists"

  # Get user details
  printf '\n=== User Details ===\n'
  aws iam get-user --user-name "${USER_NAME}" \
    --query 'User.[UserName,UserId,CreateDate,Arn]' \
    --output table
else
  echo "✗ User ${USER_NAME} not found (IAMInvalidUserIDNotFound)"

  # List names containing a fragment of the expected name (adjust 'my' as needed)
  printf '\n=== Similar User Names ===\n'
  aws iam list-users \
    --query "Users[?contains(UserName, 'my')].[UserName,UserId]" \
    --output table
fi
```
Check User Access Keys and Groups

```bash
#!/bin/bash
USER_NAME="my-user"

echo "=== Checking User Access Keys ==="
# Test the command's exit status directly instead of inspecting $? afterwards
if ! aws iam list-access-keys --user-name "${USER_NAME}" \
  --query 'AccessKeyMetadata[*].[AccessKeyId,Status,CreateDate]' \
  --output table 2>&1; then
  echo "✗ User ${USER_NAME} not found (IAMInvalidUserIDNotFound)"
else
  # Groups the user belongs to
  printf '\n=== User Groups ===\n'
  aws iam get-groups-for-user --user-name "${USER_NAME}" \
    --query 'Groups[*].GroupName' \
    --output table

  # Managed policies attached directly to the user
  printf '\n=== User Attached Policies ===\n'
  aws iam list-attached-user-policies --user-name "${USER_NAME}" \
    --query 'AttachedPolicies[*].PolicyName' \
    --output table
fi
```
Check CloudTrail for User Deletion Events

```bash
#!/bin/bash
USER_NAME="my-user"

echo "=== Checking CloudTrail for User Deletion ==="
# lookup-events searches the CloudTrail event history (last 90 days of management events)
if EVENTS=$(aws cloudtrail lookup-events \
  --lookup-attributes AttributeKey=EventName,AttributeValue=DeleteUser \
  --max-results 10 \
  --query 'Events[*].CloudTrailEvent' \
  --output json 2>/dev/null); then
  # Each CloudTrailEvent is a JSON string: parse it and match on the deleted user name
  echo "${EVENTS}" | jq -r --arg user "${USER_NAME}" \
    '.[] | fromjson | select(.requestParameters.userName == $user)
     | "Found deletion event for \($user) at \(.eventTime)"'
else
  echo "Cannot check CloudTrail (lookup-events call failed)"
fi

printf '\n=== Alternative: Check User Directly ===\n'
aws iam get-user --user-name "${USER_NAME}" 2>&1 | head -3
```
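
The triage that Steps 1 to 4 describe, as an added example that is not part of the original page: a POSIX shell function that classifies a failing identifier against `list-users` output as an exact name, a name differing only in case, a UserId passed instead of a name, an ARN, or a user in another account. The function name `triage_user_ref`, its result labels, the account numbers and the user records are all constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): classify an identifier that
# failed an IAM user lookup.
# USERS: "UserName<TAB>UserId" lines, the shape produced by
#   aws iam list-users --query 'Users[*].[UserName,UserId]' --output text
# ACCOUNT: the caller's account ID, e.g. from
#   aws sts get-caller-identity --query Account --output text

# Constructed sample data; none of these identifiers are real.
SAMPLE_ACCOUNT="111122223333"
SAMPLE_USERS=$(printf 'deploy-bot\tAIDAEXAMPLEAAAAAAAAAA\nAlice.Admin\tAIDAEXAMPLEBBBBBBBBBB')

# triage_user_ref IDENT ACCOUNT USERS -> prints one diagnosis line
# (hypothetical helper; the result labels are this example's own)
triage_user_ref() {
  t_ident=$1; t_account=$2; t_users=$3; t_prefix=""
  case $t_ident in
    arn:*:iam::*:user/*)
      # An ARN was passed where a bare user name is expected.
      t_arn_account=$(printf '%s' "$t_ident" | cut -d: -f5)
      if [ "$t_arn_account" != "$t_account" ]; then
        echo "other-account $t_arn_account"   # user lives in another account
        return 0
      fi
      t_ident=${t_ident##*/}                   # drop ARN prefix and any path
      t_prefix="arn-given "
      ;;
  esac
  # Exact name first, then a UserId match, then a case-only difference.
  t_match=$(printf '%s\n' "$t_users" | awk -F '\t' -v want="$t_ident" '
    BEGIN { want = want ""; lw = tolower(want) }   # force string comparison
    $1 == want        { print "exact " $1; found = 1; exit }
    $2 == want        { byid = $1 }
    tolower($1) == lw { ci = $1 }
    END {
      if (found) exit
      if (byid != "")    print "user-id-given " byid
      else if (ci != "") print "case-mismatch " ci
      else               print "not-found"
    }')
  echo "${t_prefix}${t_match}"
}

# Demo on the constructed data.
for ref in deploy-bot alice.admin AIDAEXAMPLEBBBBBBBBBB deploy-bto \
    arn:aws:iam::444455556666:user/deploy-bot; do
  printf '%-44s %s\n' "$ref" \
    "$(triage_user_ref "$ref" "$SAMPLE_ACCOUNT" "$SAMPLE_USERS")"
done
```

A `not-found` result is the case where the CloudTrail `DeleteUser` check above is worth running.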

Provider Information

This error code is specific to AWS services. For more information, refer to the official AWS documentation.
