Geek Answers Handbook

From the AWS SDK, how to get the current username (or IAM user name)?

I use the Ruby SDK (V2), but I think my question is more general than the specific implementation, since I could not find the answer in any of the SDKs.

How do I get the username (and / or IAM user) to which my session belongs?

I allow the SDK to perform the default behavior for selecting credentials (ENV vars, then the default profile or another, if specified, and then the role of the machine). Then I initialize my client and run the commands. I would like to know who executes the commands. I expect to get an AWS username, and if IAM user credentials are listed, this is also the username.

Any ideas? The best thing that I have received so far is that after creating the Client object, I can request its actual config and get the Credentials . But that only gives me what credentials were selected (i.e. SharedCredentials profile='default' vs. Credentials key=.. secret=.. ) and doesn't tell me who his name is.

Many thanks!

+8
amazon-web-services amazon-iam aws-sdk
source share
2 answers

Be careful with your terminology. Interaction with the AWS API occurs throughout HTTP, both without a session and without regard to state, so there really is no concept of a user "logged in" or "session".

However, for a given set of credentials, you can get the attributes of the "current" user (the user whose credentials you use) from Aws::IAM::CurrentUser .

http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/CurrentUser.html

I apologize for the lack of an example - I am not familiar with Ruby at all, but found this on the basis of what I knew could be done using the direct request APIs and the command line client with aws iam get-user . The available attributes are the same: user_name , password_last_used , create_date , user_id , path and arn ... so I suspect this is what you are looking for.

From the Query API Docs ::

by default, the user requests a request

+2
source share

STS (Security Token Service) provides an API for this:

GetCallerIdentity Returns information about the IAM identifier whose credentials are used to call the API.

http://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html

+1
source share

More articles:


All Articles