Get AWS Account ID from Boto
Question:
I have an AWS_ACCESS_KEY_ID and an AWS_SECRET_KEY. These are active credentials, so they belong to an active user, who belongs to an AWS Account. How, using Boto3, do I find the ID of this AWS Account?
Answers:
Thanks to @louahola for the improvement on my initial answer.
This will get you the Account ID for your key pair:
import boto3
sts = boto3.client(
"sts", aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY,
)
account_id = sts.get_caller_identity()["Account"]
If you are running on an EC2 instance with IAM role-based permissions or any of boto3’s other credential options, you can do this even easier:
import boto3
account_id = boto3.client("sts").get_caller_identity()["Account"]
Something like this will work:
import boto3
ACCESS_KEY = 'FOO'
SECRET_KEY = 'BAR'
iam = boto3.resource('iam',
aws_access_key_id=ACCESS_KEY,
aws_secret_access_key=SECRET_KEY,
)
account_id = iam.CurrentUser().arn.split(':')[4]
print account_id
If you use EC2 IAM roles, you can omit all of the access/secret key stuff and the code becomes simply:
iam = boto3.resource('iam')
account_id = iam.CurrentUser().arn.split(':')[4]
The AccountID can be grabbed from the get-caller-identity sts function. This returns an “Account” field:
client = boto3.client("sts", aws_access_key_id=access_key, aws_secret_access_key=secret_key)
account_id = client.get_caller_identity()["Account"]
I have an AWS_ACCESS_KEY_ID and an AWS_SECRET_KEY. These are active credentials, so they belong to an active user, who belongs to an AWS Account. How, using Boto3, do I find the ID of this AWS Account?
Thanks to @louahola for the improvement on my initial answer.
This will get you the Account ID for your key pair:
import boto3
sts = boto3.client(
"sts", aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY,
)
account_id = sts.get_caller_identity()["Account"]
If you are running on an EC2 instance with IAM role-based permissions or any of boto3’s other credential options, you can do this even easier:
import boto3
account_id = boto3.client("sts").get_caller_identity()["Account"]
Something like this will work:
import boto3
ACCESS_KEY = 'FOO'
SECRET_KEY = 'BAR'
iam = boto3.resource('iam',
aws_access_key_id=ACCESS_KEY,
aws_secret_access_key=SECRET_KEY,
)
account_id = iam.CurrentUser().arn.split(':')[4]
print account_id
If you use EC2 IAM roles, you can omit all of the access/secret key stuff and the code becomes simply:
iam = boto3.resource('iam')
account_id = iam.CurrentUser().arn.split(':')[4]
The AccountID can be grabbed from the get-caller-identity sts function. This returns an “Account” field:
client = boto3.client("sts", aws_access_key_id=access_key, aws_secret_access_key=secret_key)
account_id = client.get_caller_identity()["Account"]