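import boto3

# STS GetCallerIdentity answers for whatever credentials boto3 resolves
# (IAM user, assumed role, EC2 instance profile, Lambda execution role) and
# requires no IAM permission, so no per-environment ARN parsing is needed.
print(boto3.client('sts').get_caller_identity()['Account'])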
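# Print the account ID of whatever credentials the AWS CLI resolves.
aws sts get-caller-identity --query 'Account' --output text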
# This method is no longer needed now that the STS GetCallerIdentity method has been released
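def get_account_id(context):
    """Return the AWS account ID of the running Lambda function.

    ``context`` is the Lambda context object passed to the handler. Its
    ``invoked_function_arn`` has the form
    ``arn:aws:lambda:<region>:<account-id>:function:<name>``, so the account
    ID is the fifth colon-separated field.

    Raises IndexError if the ARN has fewer than five fields.
    """
    return context.invoked_function_arn.split(':')[4]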
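def lambda_handler(event, context):
    """Lambda entry point: print the account ID parsed from the invocation ARN.

    ``event`` is unused. In Lambda, the printed line ends up in the
    function's log output.
    """
    print("My account ID is %s" % get_account_id(context))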
# This method is no longer needed now that the STS GetCallerIdentity method has been released
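# NOTE(review): botocore deprecated its vendored copy of requests; on current
# botocore releases it may no longer be a usable HTTP client. Verify against
# the botocore version in use before relying on the metadata branch below.
from botocore.vendored import requests
import boto3


def get_account_id():
    """Return the AWS account ID as a string, or False if it cannot be found.

    Two lookups are tried in order:

    1. The EC2 instance metadata service, reading the account ID out of the
       instance profile ARN.
    2. The IAM GetUser API, reading it out of the caller's user ARN.

    Both are best-effort: any failure falls through to the next step, and
    callers must check the result for ``False`` before using it.
    """
    try:
        # On an EC2 instance: the account ID is the fifth field of the
        # instance profile ARN.
        # NOTE(review): this is an IMDSv1-style request (no session token).
        # Instances that require IMDSv2 reject it, so this branch silently
        # falls through there.
        return requests.get(
            'http://169.254.169.254/latest/meta-data/iam/info/',
            timeout=1).json()['InstanceProfileArn'].split(':')[4]
    except Exception:
        # Not on EC2, no instance profile, or metadata unreachable.
        # `except Exception` (not a bare `except`) lets KeyboardInterrupt
        # and SystemExit propagate.
        pass
    try:
        # Not on EC2 but API keys are available: take the account ID from
        # the user ARN. GetUser without a UserName only works for IAM user
        # credentials; with role credentials it raises and we return False.
        return boto3.client('iam').get_user()['User']['Arn'].split(':')[4]
    except Exception:
        pass
    return False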
# This method is no longer needed now that the STS GetCallerIdentity method has been released
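import json
from contextlib import closing

import boto3

try:
    import urllib2  # Python 2
except ImportError:
    # Python 3: urlopen(url, data, timeout) takes the same positional arguments.
    import urllib.request as urllib2


def get_account_id():
    """Return the AWS account ID as a string, or False if it cannot be found.

    Two lookups are tried in order:

    1. The EC2 instance metadata service, reading the account ID out of the
       instance profile ARN.
    2. The IAM GetUser API, reading it out of the caller's user ARN.

    Both are best-effort: any failure falls through to the next step, and
    callers must check the result for ``False`` before using it.
    """
    try:
        # On an EC2 instance: the account ID is the fifth field of the
        # instance profile ARN.
        # NOTE(review): this is an IMDSv1-style request (no session token).
        # Instances that require IMDSv2 reject it, so this branch silently
        # falls through there.
        with closing(urllib2.urlopen(
                'http://169.254.169.254/latest/meta-data/iam/info/',
                None,
                1)) as response:
            # closing() releases the connection promptly instead of at GC.
            info = json.loads(response.read().decode('utf-8'))
        return info['InstanceProfileArn'].split(':')[4]
    except Exception:
        # Not on EC2, no instance profile, or metadata unreachable.
        # `except Exception` (not a bare `except`) lets KeyboardInterrupt
        # and SystemExit propagate.
        pass
    try:
        # Not on EC2 but API keys are available: take the account ID from
        # the user ARN. GetUser without a UserName only works for IAM user
        # credentials; with role credentials it raises and we return False.
        return boto3.client('iam').get_user()['User']['Arn'].split(':')[4]
    except Exception:
        pass
    return False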
@MoOmEeN good catch. I've added a new file that covers lambda since the urllib2 and requests ones only work for users and ec2 instances
I was trying to figure out how to get the account number when I assumed a role to access resources in a second account. In this case the get_user() fails: "An error occurred (ValidationError) when calling the GetUser operation: Must specify userName when calling with non-User credentials"
I found that list_users works across accounts, as long as at least one user has been created in that account:
# Needs iam:ListUsers in the target account and at least one IAM user there;
# with no users, ["Users"][0] raises IndexError.
account = assumed_session.client('iam').list_users(MaxItems=1)["Users"][0]["Arn"].split(':')[4]
With the release of the new STS GetCallerIdentity method, there's no more need for different processes for users, ec2 instances, roles and lambda. It can all now be done with the example above
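import boto3

# One call covers IAM users, EC2 instances, assumed roles and Lambda.
print(boto3.client('sts').get_caller_identity()['Account'])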
This doesn't seem to work now.
Does not really work for me when used in Lambda function :/
first method fails with:
second with: