I have an AWS_ACCESS_KEY_ID and an AWS_SECRET_KEY. These are active credentials, so they belong to an active user, who belongs to an AWS Account. How, using Boto3, do I fi
The following function will get you the Account ID for your key pair:
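
    import boto3


    def get_aws_account_id(access_key, secret_key):
        # GetCallerIdentity works for any valid credentials.
        sts = boto3.client(
            "sts", aws_access_key_id=access_key, aws_secret_access_key=secret_key,
        )
        user_arn = sts.get_caller_identity()["Arn"]
        # ARN fields are colon-separated; index 4 holds the account ID.
        return user_arn.split(":")[4]
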
This works because the user ARN is of the format "arn:aws:iam::ACCOUNT_ID:user/USERNAME". Splitting by colons, the Account ID is the 4th item (0-indexed).
The AccountID can be grabbed from the get-caller-identity sts function. This returns an "Account" field:

    import boto3

    client = boto3.client("sts", aws_access_key_id=access_key, aws_secret_access_key=secret_key)
    account_id = client.get_caller_identity()["Account"]

Something like this will work:

    import boto3

    ACCESS_KEY = 'FOO'
    SECRET_KEY = 'BAR'

    iam = boto3.resource('iam',
        aws_access_key_id=ACCESS_KEY,
        aws_secret_access_key=SECRET_KEY,
    )
    # The account ID is field 4 of the current user's ARN.
    account_id = iam.CurrentUser().arn.split(':')[4]
    print(account_id)

If you use EC2 IAM roles, you can omit all of the access/secret key stuff and the code becomes simply:

    import boto3
    iam = boto3.resource('iam')
    account_id = iam.CurrentUser().arn.split(':')[4]
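
When only the access key ID is at hand (for example, a key found in a repository during secret scanning), the owning account can also be read from the key ID itself without calling AWS. The following is an added example, not code from any of the answers above; it relies on the community-documented bit layout of AKIA/ASIA key IDs, which is not an AWS API contract and which older key IDs may not follow. `triage`, `SAMPLE` and the key IDs in it are constructed for illustration.

```python
import base64
import re

# AKIA = long-term user key, ASIA = temporary STS key; body is 16 base32 chars.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z2-7]{16}\b")


def account_id_from_key_id(key_id):
    """Decode the account ID embedded in an access key ID, offline.

    Returns a 12-digit string, or None if the input is not shaped like a
    key ID or the decoded number cannot be an account ID.
    """
    if not KEY_ID_RE.fullmatch(key_id):
        return None
    raw = base64.b32decode(key_id[4:])      # 16 chars -> 10 bytes
    head = int.from_bytes(raw[:6], "big")   # first 48 bits
    # Skip the top bit, keep the next 40 bits, discard the low 7.
    account = (head & 0x7FFFFFFFFF80) >> 7
    if account > 999_999_999_999:           # 40 bits can exceed 12 digits
        return None
    return f"{account:012d}"


def triage(text, known_accounts):
    """Find key IDs in text and report (key_id, account_id, is_ours)."""
    findings = []
    for key_id in sorted(set(KEY_ID_RE.findall(text))):
        account = account_id_from_key_id(key_id)
        findings.append((key_id, account, account in known_accounts))
    return findings


# Constructed sample: neither key ID below is a real credential.
SAMPLE = """
[default]
aws_access_key_id = AKIARZPUZDIKAAAAAAAA
[ci]
aws_access_key_id = ASIAQAAAAAAVAAAAAAAA
"""

if __name__ == "__main__":
    for row in triage(SAMPLE, known_accounts={"123456789012"}):
        print(row)
```

Treat the decoded value as a hint and confirm it against `get_caller_identity()["Account"]` when the secret key is available.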