I have an AWS_ACCESS_KEY_ID and an AWS_SECRET_KEY. These are active credentials, so they belong to an active user, who belongs to an AWS Account. How, using Boto3, do I find the ID of this AWS Account?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
The AccountID can be grabbed from the get-caller-identity sts function. This returns an "Account" field:
client = boto3.client("sts", aws_access_key_id=access_key, aws_secret_access_key=secret_key) account_id = client.get_caller_identity()["Account"] 回答2:
Something like this will work:
import boto3 ACCESS_KEY = 'FOO' SECRET_KEY = 'BAR' iam = boto3.resource('iam', aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY, ) account_id = iam.CurrentUser().arn.split(':')[4] print account_id If you use EC2 IAM roles, you can omit all of the access/secret key stuff and the code becomes simply:
iam = boto3.resource('iam') account_id = iam.CurrentUser().arn.split(':')[4] 回答3:
The following function will get you the Account ID for your key pair:
import boto3 def get_aws_account_id(access_key, secret_key): sts = boto3.client( "sts", aws_access_key_id=access_key, aws_secret_access_key=secret_key, ) user_arn = sts.get_caller_identity()["Arn"] return user_arn.split(":")[4] This works because user ARN is of the format "arn:aws:iam::ACCOUNT_ID:user/USERNAME". Splitting by colons, Account ID is the 4th item (0-indexed).