Difference between revisions of "Aws sts get-caller-identity"

From wikieduonline
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 24: Line 24:
 
     "UserId": "AROASTNMATSFIGC3RFZFC:martin.oscar",
 
     "UserId": "AROASTNMATSFIGC3RFZFC:martin.oscar",
 
     "Account": "09876543212",
 
     "Account": "09876543212",
     "Arn": "arn:aws:sts::09876543212:[[assumed-role]]/AWSReservedSSO_AdministratorAccess_111111111/your-username"
+
     "Arn": "arn:aws:sts::09876543212:[[assumed-role]]/[[AWSReservedSSO_AdministratorAccess]]_111111111/your-username"
 
  }
 
  }
  
Line 72: Line 72:
 
* [[An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied]]
 
* [[An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied]]
 
* <code>[[aws eks get-token]]</code>
 
* <code>[[aws eks get-token]]</code>
[[sts:AssumeRole]]
+
* <code>[[sts:AssumeRole]]</code>
[[sts:GetCallerIdentity]]
+
* <code>[[sts:GetCallerIdentity]]</code>
 
* [[AWS switching to a role]]
 
* [[AWS switching to a role]]
 +
* [[AWS info]]
 +
* [[Creating or updating a kubeconfig file for an Amazon EKS cluster]]
  
 
== See also ==
 
== See also ==

Latest revision as of 05:09, 12 February 2024

aws sts get-caller-identity command outputs three pieces of information including the ARN.

Commands[edit]

  • aws sts get-caller-identity
  • aws sts get-caller-identity --profile XXXXX
  • aws sts get-caller-identity --output text --query 'Account'
  • ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account')


Examples[edit]

aws sts get-caller-identity
{
    "UserId": "ZIDBZCTGOUKVXXFNQ5Q3F",
    "Account": "09876543212",
    "Arn": "arn:aws:iam::09876543212:user/your_user"
}
{
    "UserId": "AROASTNMATSFIGC3RFZFC:martin.oscar",
    "Account": "09876543212",
    "Arn": "arn:aws:sts::09876543212:assumed-role/AWSReservedSSO_AdministratorAccess_111111111/your-username"
}

Errors[edit]

aws sts get-caller-identity
Unable to locate credentials. You can configure credentials by running "aws configure".
aws sts get-caller-identity
An error ocurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid
data.aws_caller_identity.current
data.aws_caller_identity.current
Traceback (most recent call last):
 File "/usr/local/bin/aws", line 19, in <module>
   import awscli.clidriver
 File "/usr/local/lib/python3.6/site-packages/awscli/clidriver.py", line 17, in <module>
   import botocore.session
 File "/usr/local/lib/python3.6/site-packages/botocore/session.py", line 29, in <module>
   import botocore.credentials
 File "/usr/local/lib/python3.6/site-packages/botocore/credentials.py", line 35, in <module>
   from botocore.config import Config
 File "/usr/local/lib/python3.6/site-packages/botocore/config.py", line 16, in <module>
   from botocore.endpoint import DEFAULT_TIMEOUT, MAX_POOL_CONNECTIONS
 File "/usr/local/lib/python3.6/site-packages/botocore/endpoint.py", line 24, in <module>
   from botocore.awsrequest import create_request_object
 File "/usr/local/lib/python3.6/site-packages/botocore/awsrequest.py", line 24, in <module>
   import botocore.utils
 File "/usr/local/lib/python3.6/site-packages/botocore/utils.py", line 32, in <module>
   import botocore.httpsession
 File "/usr/local/lib/python3.6/site-packages/botocore/httpsession.py", line 10, in <module>
   from urllib3.util.ssl_ import (
ImportError: cannot import name 'PROTOCOL_TLS'

Related[edit]

See also[edit]

Advertising: