Is it possible to get aws account id with only aws access key and secret key in command line (CLI)
Is it possible to get aws account id with only aws access key and secret key in command line (CLI)
I have access key and secret key with me. Is it possible to get the account id using those in command line.
command-line aws amazon-s3
add a comment |
Is it possible to get aws account id with only aws access key and secret key in command line (CLI)
I have access key and secret key with me. Is it possible to get the account id using those in command line.
command-line aws amazon-s3
add a comment |
Is it possible to get aws account id with only aws access key and secret key in command line (CLI)
I have access key and secret key with me. Is it possible to get the account id using those in command line.
command-line aws amazon-s3
Is it possible to get aws account id with only aws access key and secret key in command line (CLI)
I have access key and secret key with me. Is it possible to get the account id using those in command line.
command-line aws amazon-s3
command-line aws amazon-s3
asked Nov 12 '18 at 4:43
Vandhana
386
386
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
This is the correct way:
~ $ aws sts get-caller-identity
{
"Account": "123456789012",
"UserId": "AIDABCDEFGHJKL...",
"Arn": "arn:aws:iam::123456789012:user/some.user"
}
It works for IAM Users, Cross-account IAM Roles, EC2 IAM Roles, etc.
Use together with jq
to obtain just the account id:
~ $ aws sts get-caller-identity | jq -r .Account
123456789012
Hope that helps :)
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid Getting this error :(
– Vandhana
Nov 12 '18 at 6:02
That's because you've got$AWS_SECURITY_TOKEN
environment variable set for whatever reason. Rununset AWS_SECURITY_TOKEN AWS_SESSION_TOKEN
first and then retry.
– MLu
Nov 12 '18 at 6:04
Getting same error :|
– Vandhana
Nov 12 '18 at 7:48
i got the output.. but for the below command AWS_ACCESS_KEY_ID=AXXXXXXGA AWS_SECRET_ACCESS_KEY=NXXXXXXt aws sts get-caller-identity But y shd i specify the keys for all the aws commands.. is there any other way to do so
– Vandhana
Nov 12 '18 at 7:57
@Vandhana you can save the credentials to a config file: docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
– MLu
Nov 12 '18 at 8:16
|
show 2 more comments
Almost every AWS object includes the account id. For example, my IAM user is arn:aws:iam::ACCOUNT_ID:user/Andrew.Lorien, and the ID of one of my cloudformation stacks is arn:aws:cloudformation:us-west-2:ACCOUNT_ID:stack/my-repository/12345678-90ab-cdef-1234-567890abcdef.
So you can query anything you know you have, and extract the ID from that. Here's a bash one-liner which gets the first IAM user (a string like arn:aws:iam::ACCOUNT_ID:user/USER_NAME)
and extracts the account ID.
aws iam list-users --query "Users[0].Arn" --output text | cut -d ":" -f 5
An error occurred (InvalidClientTokenId) when calling the ListUsers operation: The security token included in the request is invalid Getting this error
– Vandhana
Nov 12 '18 at 5:42
Hmm, you must not have permission to read IAM, even your own. I have a better answer, but it's a completely different answer so I'll post it separately.
– andrew lorien
Nov 12 '18 at 23:16
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f481196%2fis-it-possible-to-get-aws-account-id-with-only-aws-access-key-and-secret-key-in%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
This is the correct way:
~ $ aws sts get-caller-identity
{
"Account": "123456789012",
"UserId": "AIDABCDEFGHJKL...",
"Arn": "arn:aws:iam::123456789012:user/some.user"
}
It works for IAM Users, Cross-account IAM Roles, EC2 IAM Roles, etc.
Use together with jq
to obtain just the account id:
~ $ aws sts get-caller-identity | jq -r .Account
123456789012
Hope that helps :)
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid Getting this error :(
– Vandhana
Nov 12 '18 at 6:02
That's because you've got$AWS_SECURITY_TOKEN
environment variable set for whatever reason. Rununset AWS_SECURITY_TOKEN AWS_SESSION_TOKEN
first and then retry.
– MLu
Nov 12 '18 at 6:04
Getting same error :|
– Vandhana
Nov 12 '18 at 7:48
i got the output.. but for the below command AWS_ACCESS_KEY_ID=AXXXXXXGA AWS_SECRET_ACCESS_KEY=NXXXXXXt aws sts get-caller-identity But y shd i specify the keys for all the aws commands.. is there any other way to do so
– Vandhana
Nov 12 '18 at 7:57
@Vandhana you can save the credentials to a config file: docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
– MLu
Nov 12 '18 at 8:16
|
show 2 more comments
This is the correct way:
~ $ aws sts get-caller-identity
{
"Account": "123456789012",
"UserId": "AIDABCDEFGHJKL...",
"Arn": "arn:aws:iam::123456789012:user/some.user"
}
It works for IAM Users, Cross-account IAM Roles, EC2 IAM Roles, etc.
Use together with jq
to obtain just the account id:
~ $ aws sts get-caller-identity | jq -r .Account
123456789012
Hope that helps :)
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid Getting this error :(
– Vandhana
Nov 12 '18 at 6:02
That's because you've got$AWS_SECURITY_TOKEN
environment variable set for whatever reason. Rununset AWS_SECURITY_TOKEN AWS_SESSION_TOKEN
first and then retry.
– MLu
Nov 12 '18 at 6:04
Getting same error :|
– Vandhana
Nov 12 '18 at 7:48
i got the output.. but for the below command AWS_ACCESS_KEY_ID=AXXXXXXGA AWS_SECRET_ACCESS_KEY=NXXXXXXt aws sts get-caller-identity But y shd i specify the keys for all the aws commands.. is there any other way to do so
– Vandhana
Nov 12 '18 at 7:57
@Vandhana you can save the credentials to a config file: docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
– MLu
Nov 12 '18 at 8:16
|
show 2 more comments
This is the correct way:
~ $ aws sts get-caller-identity
{
"Account": "123456789012",
"UserId": "AIDABCDEFGHJKL...",
"Arn": "arn:aws:iam::123456789012:user/some.user"
}
It works for IAM Users, Cross-account IAM Roles, EC2 IAM Roles, etc.
Use together with jq
to obtain just the account id:
~ $ aws sts get-caller-identity | jq -r .Account
123456789012
Hope that helps :)
This is the correct way:
~ $ aws sts get-caller-identity
{
"Account": "123456789012",
"UserId": "AIDABCDEFGHJKL...",
"Arn": "arn:aws:iam::123456789012:user/some.user"
}
It works for IAM Users, Cross-account IAM Roles, EC2 IAM Roles, etc.
Use together with jq
to obtain just the account id:
~ $ aws sts get-caller-identity | jq -r .Account
123456789012
Hope that helps :)
answered Nov 12 '18 at 5:51
MLu
1,323822
1,323822
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid Getting this error :(
– Vandhana
Nov 12 '18 at 6:02
That's because you've got$AWS_SECURITY_TOKEN
environment variable set for whatever reason. Rununset AWS_SECURITY_TOKEN AWS_SESSION_TOKEN
first and then retry.
– MLu
Nov 12 '18 at 6:04
Getting same error :|
– Vandhana
Nov 12 '18 at 7:48
i got the output.. but for the below command AWS_ACCESS_KEY_ID=AXXXXXXGA AWS_SECRET_ACCESS_KEY=NXXXXXXt aws sts get-caller-identity But y shd i specify the keys for all the aws commands.. is there any other way to do so
– Vandhana
Nov 12 '18 at 7:57
@Vandhana you can save the credentials to a config file: docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
– MLu
Nov 12 '18 at 8:16
|
show 2 more comments
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid Getting this error :(
– Vandhana
Nov 12 '18 at 6:02
That's because you've got$AWS_SECURITY_TOKEN
environment variable set for whatever reason. Rununset AWS_SECURITY_TOKEN AWS_SESSION_TOKEN
first and then retry.
– MLu
Nov 12 '18 at 6:04
Getting same error :|
– Vandhana
Nov 12 '18 at 7:48
i got the output.. but for the below command AWS_ACCESS_KEY_ID=AXXXXXXGA AWS_SECRET_ACCESS_KEY=NXXXXXXt aws sts get-caller-identity But y shd i specify the keys for all the aws commands.. is there any other way to do so
– Vandhana
Nov 12 '18 at 7:57
@Vandhana you can save the credentials to a config file: docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
– MLu
Nov 12 '18 at 8:16
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid Getting this error :(
– Vandhana
Nov 12 '18 at 6:02
An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid Getting this error :(
– Vandhana
Nov 12 '18 at 6:02
That's because you've got
$AWS_SECURITY_TOKEN
environment variable set for whatever reason. Run unset AWS_SECURITY_TOKEN AWS_SESSION_TOKEN
first and then retry.– MLu
Nov 12 '18 at 6:04
That's because you've got
$AWS_SECURITY_TOKEN
environment variable set for whatever reason. Run unset AWS_SECURITY_TOKEN AWS_SESSION_TOKEN
first and then retry.– MLu
Nov 12 '18 at 6:04
Getting same error :|
– Vandhana
Nov 12 '18 at 7:48
Getting same error :|
– Vandhana
Nov 12 '18 at 7:48
i got the output.. but for the below command AWS_ACCESS_KEY_ID=AXXXXXXGA AWS_SECRET_ACCESS_KEY=NXXXXXXt aws sts get-caller-identity But y shd i specify the keys for all the aws commands.. is there any other way to do so
– Vandhana
Nov 12 '18 at 7:57
i got the output.. but for the below command AWS_ACCESS_KEY_ID=AXXXXXXGA AWS_SECRET_ACCESS_KEY=NXXXXXXt aws sts get-caller-identity But y shd i specify the keys for all the aws commands.. is there any other way to do so
– Vandhana
Nov 12 '18 at 7:57
@Vandhana you can save the credentials to a config file: docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
– MLu
Nov 12 '18 at 8:16
@Vandhana you can save the credentials to a config file: docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
– MLu
Nov 12 '18 at 8:16
|
show 2 more comments
Almost every AWS object includes the account id. For example, my IAM user is arn:aws:iam::ACCOUNT_ID:user/Andrew.Lorien, and the ID of one of my cloudformation stacks is arn:aws:cloudformation:us-west-2:ACCOUNT_ID:stack/my-repository/12345678-90ab-cdef-1234-567890abcdef.
So you can query anything you know you have, and extract the ID from that. Here's a bash one-liner which gets the first IAM user (a string like arn:aws:iam::ACCOUNT_ID:user/USER_NAME)
and extracts the account ID.
aws iam list-users --query "Users[0].Arn" --output text | cut -d ":" -f 5
An error occurred (InvalidClientTokenId) when calling the ListUsers operation: The security token included in the request is invalid Getting this error
– Vandhana
Nov 12 '18 at 5:42
Hmm, you must not have permission to read IAM, even your own. I have a better answer, but it's a completely different answer so I'll post it separately.
– andrew lorien
Nov 12 '18 at 23:16
add a comment |
Almost every AWS object includes the account id. For example, my IAM user is arn:aws:iam::ACCOUNT_ID:user/Andrew.Lorien, and the ID of one of my cloudformation stacks is arn:aws:cloudformation:us-west-2:ACCOUNT_ID:stack/my-repository/12345678-90ab-cdef-1234-567890abcdef.
So you can query anything you know you have, and extract the ID from that. Here's a bash one-liner which gets the first IAM user (a string like arn:aws:iam::ACCOUNT_ID:user/USER_NAME)
and extracts the account ID.
aws iam list-users --query "Users[0].Arn" --output text | cut -d ":" -f 5
An error occurred (InvalidClientTokenId) when calling the ListUsers operation: The security token included in the request is invalid Getting this error
– Vandhana
Nov 12 '18 at 5:42
Hmm, you must not have permission to read IAM, even your own. I have a better answer, but it's a completely different answer so I'll post it separately.
– andrew lorien
Nov 12 '18 at 23:16
add a comment |
Almost every AWS object includes the account id. For example, my IAM user is arn:aws:iam::ACCOUNT_ID:user/Andrew.Lorien, and the ID of one of my cloudformation stacks is arn:aws:cloudformation:us-west-2:ACCOUNT_ID:stack/my-repository/12345678-90ab-cdef-1234-567890abcdef.
So you can query anything you know you have, and extract the ID from that. Here's a bash one-liner which gets the first IAM user (a string like arn:aws:iam::ACCOUNT_ID:user/USER_NAME)
and extracts the account ID.
aws iam list-users --query "Users[0].Arn" --output text | cut -d ":" -f 5
Almost every AWS object includes the account id. For example, my IAM user is arn:aws:iam::ACCOUNT_ID:user/Andrew.Lorien, and the ID of one of my cloudformation stacks is arn:aws:cloudformation:us-west-2:ACCOUNT_ID:stack/my-repository/12345678-90ab-cdef-1234-567890abcdef.
So you can query anything you know you have, and extract the ID from that. Here's a bash one-liner which gets the first IAM user (a string like arn:aws:iam::ACCOUNT_ID:user/USER_NAME)
and extracts the account ID.
aws iam list-users --query "Users[0].Arn" --output text | cut -d ":" -f 5
answered Nov 12 '18 at 5:31
andrew lorien
17010
17010
An error occurred (InvalidClientTokenId) when calling the ListUsers operation: The security token included in the request is invalid Getting this error
– Vandhana
Nov 12 '18 at 5:42
Hmm, you must not have permission to read IAM, even your own. I have a better answer, but it's a completely different answer so I'll post it separately.
– andrew lorien
Nov 12 '18 at 23:16
add a comment |
An error occurred (InvalidClientTokenId) when calling the ListUsers operation: The security token included in the request is invalid Getting this error
– Vandhana
Nov 12 '18 at 5:42
Hmm, you must not have permission to read IAM, even your own. I have a better answer, but it's a completely different answer so I'll post it separately.
– andrew lorien
Nov 12 '18 at 23:16
An error occurred (InvalidClientTokenId) when calling the ListUsers operation: The security token included in the request is invalid Getting this error
– Vandhana
Nov 12 '18 at 5:42
An error occurred (InvalidClientTokenId) when calling the ListUsers operation: The security token included in the request is invalid Getting this error
– Vandhana
Nov 12 '18 at 5:42
Hmm, you must not have permission to read IAM, even your own. I have a better answer, but it's a completely different answer so I'll post it separately.
– andrew lorien
Nov 12 '18 at 23:16
Hmm, you must not have permission to read IAM, even your own. I have a better answer, but it's a completely different answer so I'll post it separately.
– andrew lorien
Nov 12 '18 at 23:16
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f481196%2fis-it-possible-to-get-aws-account-id-with-only-aws-access-key-and-secret-key-in%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown