Difference between revisions of "Aws sts get-caller-identity"
Jump to navigation
Jump to search
(22 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
+ | |||
{{lowercase}} | {{lowercase}} | ||
+ | <code>[[aws sts]] get-caller-identity</code> command outputs three pieces of information including the ARN. | ||
+ | * https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-caller-identity.html | ||
− | + | == Commands == | |
− | * | + | * <code>[[aws sts]] get-caller-identity</code> |
− | + | * <code>aws sts get-caller-identity --profile XXXXX</code> | |
− | + | * <code>aws sts get-caller-identity --output text --query 'Account'</code> | |
− | + | * <code>[[ACCOUNT_ID]]=$(aws sts get-caller-identity --output text --query 'Account')</code> | |
− | |||
− | |||
− | |||
+ | * <code>[[aws sts]] get-caller-identity && [[aws iam list-account-aliases]]</code> | ||
+ | == Examples == | ||
aws sts get-caller-identity | aws sts get-caller-identity | ||
{ | { | ||
"UserId": "ZIDBZCTGOUKVXXFNQ5Q3F", | "UserId": "ZIDBZCTGOUKVXXFNQ5Q3F", | ||
− | "[[Account]]": "09876543212", | + | "[[AWS accounts|Account]]": "09876543212", |
"Arn": "arn:aws:iam::09876543212:user/your_user" | "Arn": "arn:aws:iam::09876543212:user/your_user" | ||
} | } | ||
Line 22: | Line 24: | ||
"UserId": "AROASTNMATSFIGC3RFZFC:martin.oscar", | "UserId": "AROASTNMATSFIGC3RFZFC:martin.oscar", | ||
"Account": "09876543212", | "Account": "09876543212", | ||
− | "Arn": "arn:aws:sts::09876543212:[[assumed-role]]/ | + | "Arn": "arn:aws:sts::09876543212:[[assumed-role]]/[[AWSReservedSSO_AdministratorAccess]]_111111111/your-username" |
} | } | ||
Line 28: | Line 30: | ||
aws sts get-caller-identity | aws sts get-caller-identity | ||
[[Unable to locate credentials. You can configure credentials by running "aws configure".]] | [[Unable to locate credentials. You can configure credentials by running "aws configure".]] | ||
+ | |||
+ | aws sts get-caller-identity | ||
+ | [[An error ocurred]] ([[InvalidClientTokenId]]) when calling the [[GetCallerIdentity]] operation: The security token included in the request is invalid | ||
+ | |||
+ | [[data.aws_caller_identity.current]] | ||
+ | |||
+ | * <code>[[error: You must be logged in to the server (Unauthorized)]]</code> | ||
+ | |||
+ | [[data.aws_caller_identity.current]] | ||
+ | Traceback (most recent call last): | ||
+ | File "/usr/local/bin/aws", line 19, in <module> | ||
+ | import awscli.clidriver | ||
+ | File "/usr/local/lib/python3.6/site-packages/awscli/clidriver.py", line 17, in <module> | ||
+ | import botocore.session | ||
+ | File "/usr/local/lib/python3.6/site-packages/botocore/session.py", line 29, in <module> | ||
+ | import botocore.credentials | ||
+ | File "/usr/local/lib/python3.6/site-packages/botocore/credentials.py", line 35, in <module> | ||
+ | from botocore.config import Config | ||
+ | File "/usr/local/lib/python3.6/site-packages/botocore/config.py", line 16, in <module> | ||
+ | from botocore.endpoint import DEFAULT_TIMEOUT, MAX_POOL_CONNECTIONS | ||
+ | File "/usr/local/lib/python3.6/site-packages/botocore/endpoint.py", line 24, in <module> | ||
+ | from botocore.awsrequest import create_request_object | ||
+ | File "/usr/local/lib/python3.6/site-packages/botocore/awsrequest.py", line 24, in <module> | ||
+ | import botocore.utils | ||
+ | File "/usr/local/lib/python3.6/site-packages/botocore/utils.py", line 32, in <module> | ||
+ | import botocore.httpsession | ||
+ | File "/usr/local/lib/python3.6/site-packages/botocore/httpsession.py", line 10, in <module> | ||
+ | from urllib3.util.ssl_ import ( | ||
+ | [[ImportError]]: cannot import name '[[PROTOCOL_TLS]]' | ||
== Related == | == Related == | ||
* <code>[[AWS PROFILE]]</code> | * <code>[[AWS PROFILE]]</code> | ||
+ | * <code>[[aws organizations describe-organization]]</code> | ||
+ | * <code>[[aws iam list-attached-user-policies]]</code> | ||
* <code>[[aws iam get-account-summary]]</code> | * <code>[[aws iam get-account-summary]]</code> | ||
* <code>[[aws iam list-account-aliases]]</code> | * <code>[[aws iam list-account-aliases]]</code> | ||
Line 36: | Line 69: | ||
* <code>[[aws sts get-session-token]]</code> | * <code>[[aws sts get-session-token]]</code> | ||
* <code>[[aws iam get-user]]</code> | * <code>[[aws iam get-user]]</code> | ||
+ | * <code>[[aws ssm get-instance-profile]]</code> | ||
* [[An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied]] | * [[An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied]] | ||
* <code>[[aws eks get-token]]</code> | * <code>[[aws eks get-token]]</code> | ||
− | + | * <code>[[sts:AssumeRole]]</code> | |
− | + | * <code>[[sts:GetCallerIdentity]]</code> | |
+ | * [[AWS switching to a role]] | ||
+ | * [[AWS info]] | ||
+ | * [[Creating or updating a kubeconfig file for an Amazon EKS cluster]] | ||
== See also == | == See also == |
Latest revision as of 05:09, 12 February 2024
aws sts get-caller-identity
command outputs three pieces of information including the ARN.
Contents
Commands[edit]
aws sts get-caller-identity
aws sts get-caller-identity --profile XXXXX
aws sts get-caller-identity --output text --query 'Account'
ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account')
aws sts get-caller-identity && aws iam list-account-aliases
Examples[edit]
aws sts get-caller-identity { "UserId": "ZIDBZCTGOUKVXXFNQ5Q3F", "Account": "09876543212", "Arn": "arn:aws:iam::09876543212:user/your_user" }
{ "UserId": "AROASTNMATSFIGC3RFZFC:martin.oscar", "Account": "09876543212", "Arn": "arn:aws:sts::09876543212:assumed-role/AWSReservedSSO_AdministratorAccess_111111111/your-username" }
Errors[edit]
aws sts get-caller-identity Unable to locate credentials. You can configure credentials by running "aws configure".
aws sts get-caller-identity An error ocurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid
data.aws_caller_identity.current
data.aws_caller_identity.current Traceback (most recent call last): File "/usr/local/bin/aws", line 19, in <module> import awscli.clidriver File "/usr/local/lib/python3.6/site-packages/awscli/clidriver.py", line 17, in <module> import botocore.session File "/usr/local/lib/python3.6/site-packages/botocore/session.py", line 29, in <module> import botocore.credentials File "/usr/local/lib/python3.6/site-packages/botocore/credentials.py", line 35, in <module> from botocore.config import Config File "/usr/local/lib/python3.6/site-packages/botocore/config.py", line 16, in <module> from botocore.endpoint import DEFAULT_TIMEOUT, MAX_POOL_CONNECTIONS File "/usr/local/lib/python3.6/site-packages/botocore/endpoint.py", line 24, in <module> from botocore.awsrequest import create_request_object File "/usr/local/lib/python3.6/site-packages/botocore/awsrequest.py", line 24, in <module> import botocore.utils File "/usr/local/lib/python3.6/site-packages/botocore/utils.py", line 32, in <module> import botocore.httpsession File "/usr/local/lib/python3.6/site-packages/botocore/httpsession.py", line 10, in <module> from urllib3.util.ssl_ import ( ImportError: cannot import name 'PROTOCOL_TLS'
Related[edit]
AWS PROFILE
aws organizations describe-organization
aws iam list-attached-user-policies
aws iam get-account-summary
aws iam list-account-aliases
aws iam create-account-alias
aws sts get-session-token
aws iam get-user
aws ssm get-instance-profile
- An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
aws eks get-token
sts:AssumeRole
sts:GetCallerIdentity
- AWS switching to a role
- AWS info
- Creating or updating a kubeconfig file for an Amazon EKS cluster
See also[edit]
Advertising: