AWS
InvalidUserID.NotFound - Invalid User ID Not Found
An **InvalidUserID.NotFound** error means the IAM user ID you're referencing doesn't exist in your AWS account: the user might have been deleted, the ID is misspelled, or it belongs to a different account. This client-side error (4xx) is returned when AWS can't find the user by ID. It is most common after IAM users are deleted, but it also appears when user IDs are misspelled, users are in different accounts, the user ID format is invalid, or IAM policies reference non-existent users.
Common Causes
- Identity: IAM user ID doesn't exist. User was deleted from account. User ID belongs to different AWS account. User ID format invalid (should be AIDA...).
- Network: Cross-account user reference. IAM user in different region (users are global).
- Limits: Typo in user ID. User ID format incorrect. User never existed.
Solutions
- Step 1: Diagnose - List all IAM users to find the correct ID: `aws iam list-users --query 'Users[*].[UserId,UserName,CreateDate]' --output table`. Compare each UserId with your reference.
- Step 2: Diagnose - Get the user by username instead of ID: `aws iam get-user --user-name USER_NAME --query 'User.[UserId,UserName,Arn]' --output table`. Usernames are more reliable than IDs.
- Step 3: Diagnose - Check if the user was deleted: Review IAM user deletion logs. Check CloudTrail: `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=DeleteUser --query 'Events[*].CloudTrailEvent' --output text | jq -r '.requestParameters.userName'`. In a DeleteUser event, `requestParameters.userName` is the deleted user; `userIdentity` identifies the caller who deleted it.
- Step 4: Fix - Use the username instead of the user ID: Replace UserId references with UserName in IAM policies. Update code to use usernames: `aws iam get-user --user-name USER_NAME`.
- Step 5: Fix - Verify the user exists before referencing it: `aws iam get-user --user-name USER_NAME`. If the user doesn't exist, create it: `aws iam create-user --user-name USER_NAME`. Or update references to use existing users.
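One way to carry out the Step 1 comparison offline, as an added example that is not part of the original page: it classifies the failing identifier by its IAM unique-ID prefix and looks it up in saved `list-users` output. The function names, verdict strings and sample IDs are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: offline triage of an ID that fails with InvalidUserID.NotFound.
# Function names and verdict strings are illustrative, not AWS output.

# Constructed sample of the tab-separated output of:
#   aws iam list-users --query 'Users[*].[UserId,UserName]' --output text
SAMPLE_USERS=$(printf '%s\t%s\n' \
  AIDAEXAMPLEUSER000001 alice \
  AIDAEXAMPLEUSER000002 deploy-bot)

# Classify an identifier by its IAM unique-ID prefix (or other obvious shape).
id_kind() {
  case "$1" in
    arn:*)       echo arn ;;          # an ARN, not a unique ID
    AIDA*)       echo user ;;         # IAM user
    AROA*)       echo role ;;         # IAM role
    AGPA*)       echo group ;;        # IAM group
    AKIA*|ASIA*) echo access-key ;;   # long-term / temporary access key ID
    *[!0-9]*|"") echo unknown ;;
    *)           if [ "${#1}" -eq 12 ]; then echo account-id; else echo unknown; fi ;;
  esac
}

# triage_user_id ID LISTING -> prints found:<name>, not-in-account,
# malformed, or wrong-type:<kind>. Runs in a subshell so no variables leak.
triage_user_id() (
  id=$1 listing=$2
  kind=$(id_kind "$id")
  if [ "$kind" != user ]; then echo "wrong-type:$kind"; exit 0; fi
  # IAM API constraint for UserId: 16-128 word characters.
  if ! printf '%s\n' "$id" | grep -Eq '^[A-Za-z0-9_]{16,128}$'; then
    echo malformed; exit 0
  fi
  name=$(printf '%s\n' "$listing" |
    awk -F'\t' -v id="$id" '$1 == id { print $2; exit }')
  if [ -n "$name" ]; then echo "found:$name"; else echo not-in-account; fi
)

# Demo over constructed IDs: a live user, a missing one, and common mix-ups.
for candidate in AIDAEXAMPLEUSER000002 AIDAEXAMPLEUSER000009 \
                 AROAEXAMPLEROLE000001 AKIAEXAMPLEKEY000001 123456789012 AIDA123; do
  printf '%-24s %s\n' "$candidate" "$(triage_user_id "$candidate" "$SAMPLE_USERS")"
done
```

A `not-in-account` verdict for a well-formed `AIDA` ID is the case where the CloudTrail `DeleteUser` check in Step 3 is worth running.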
Code Examples

List IAM Users and Find Correct User ID

```bash
#!/bin/bash
# List all IAM users with their IDs
echo "=== All IAM Users ==="
aws iam list-users \
  --query 'Users[*].[UserId,UserName,CreateDate]' \
  --output table

# Search for users whose name contains a substring
SEARCH_NAME="john"
printf '\n=== Searching for User: %s ===\n' "${SEARCH_NAME}"
aws iam list-users \
  --query "Users[?contains(UserName, '${SEARCH_NAME}')].[UserId,UserName]" \
  --output table

# Get user by username (more reliable than ID)
USER_NAME="myuser"
printf '\n=== Getting User by Name: %s ===\n' "${USER_NAME}"
if ! aws iam get-user --user-name "${USER_NAME}" \
  --query 'User.[UserId,UserName,Arn,CreateDate]' \
  --output table 2>&1; then
  echo "User not found. Listing all users:"
  aws iam list-users --query 'Users[*].UserName' --output table
fi
```

Check CloudTrail for User Deletion
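```bash
#!/bin/bash
# Check CloudTrail for user deletion events
USER_NAME="myuser"
echo "=== Checking CloudTrail for User: ${USER_NAME} ==="

# IAM is a global service; in the commercial AWS partition its CloudTrail
# events are recorded in us-east-1.
# read -r keeps the backslashes inside the JSON event intact.
aws cloudtrail lookup-events \
  --region us-east-1 \
  --lookup-attributes AttributeKey=EventName,AttributeValue=DeleteUser \
  --max-results 10 \
  --query 'Events[*].[EventTime,CloudTrailEvent]' \
  --output text | while read -r time event; do
    echo "Time: ${time}"
    # requestParameters.userName is the deleted user; userIdentity is the caller
    printf '%s\n' "${event}" \
      | jq -r '"Deleted user: \(.requestParameters.userName)  Deleted by: \(.userIdentity.userName // .userIdentity.arn)"' 2>/dev/null \
      || echo "Could not parse"
    echo "---"
  done

# Check if user exists now
printf '\n=== Checking Current User Status ===\n'
aws iam get-user --user-name "${USER_NAME}" 2>&1 || echo "User does not exist"
```

Use Username Instead of User ID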
```bash
#!/bin/bash
# Instead of using User ID, use Username
USER_NAME="myuser"

# Get user details by username
echo "=== Getting User by Username ==="
if USER_INFO=$(aws iam get-user --user-name "${USER_NAME}" \
  --query 'User.[UserId,UserName,Arn]' \
  --output text 2>&1); then
  # --output text is tab-separated; quote the variable so the tabs survive
  USER_ID=$(echo "${USER_INFO}" | cut -f1)
  USER_NAME=$(echo "${USER_INFO}" | cut -f2)
  USER_ARN=$(echo "${USER_INFO}" | cut -f3)

  echo "User ID: ${USER_ID}"
  echo "User Name: ${USER_NAME}"
  echo "User ARN: ${USER_ARN}"

  # Use username in IAM policy references
  printf '\n=== Example: Using Username in Policy ===\n'
  echo "Instead of: arn:aws:iam::ACCOUNT:user/${USER_ID}"
  echo "Use: arn:aws:iam::ACCOUNT:user/${USER_NAME}"
else
  echo "User not found. Create user:"
  echo "aws iam create-user --user-name ${USER_NAME}"
fi
```
Provider Information
This error code is specific to AWS services. For more information, refer to the official AWS documentation.