Method to determine your AWS account ID using boto3 for either a user or an ec2 instance or lambda function

import boto3
print(boto3.client('sts').get_caller_identity()['Account'])

# AWS CLI equivalent
aws sts get-caller-identity --query 'Account' --output text

# This method is no longer needed with the release of the STS GetCallerIdentity method
def get_account_id(context):
    # The account ID is the fifth colon-separated field of the function ARN
    return context.invoked_function_arn.split(':')[4]


def lambda_handler(event, context):
    print("My account ID is %s" % get_account_id(context))

# This method is no longer needed with the release of the STS GetCallerIdentity method
# Uses the standalone requests package; the copy vendored in botocore is deprecated
import requests
import boto3


def get_account_id():
    try:
        # We're running in an ec2 instance, get the account id from the
        # instance profile ARN (this token-less request is rejected when the
        # instance requires IMDSv2, and the code then falls through)
        return requests.get(
            'http://169.254.169.254/latest/meta-data/iam/info/',
            timeout=1).json()['InstanceProfileArn'].split(':')[4]
    except Exception:
        pass
    try:
        # We're not on an ec2 instance but have api keys, get the account
        # id from the user ARN
        return boto3.client('iam').get_user()['User']['Arn'].split(':')[4]
    except Exception:
        pass
    return False

# This method is no longer needed with the release of the STS GetCallerIdentity method
# Python 2 only (urllib2)
import urllib2, json
import boto3


def get_account_id():
    try:
        # We're running in an ec2 instance, get the account id from the
        # instance profile ARN
        return json.loads(urllib2.urlopen(
            'http://169.254.169.254/latest/meta-data/iam/info/',
            None,
            1).read())['InstanceProfileArn'].split(':')[4]
    except Exception:
        pass
    try:
        # We're not on an ec2 instance but have api keys, get the account
        # id from the user ARN
        return boto3.client('iam').get_user()['User']['Arn'].split(':')[4]
    except Exception:
        pass
    return False

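
An added example, not part of the original gist: a guard built on GetCallerIdentity that confirms which account the current credentials belong to before any other call is made, which matters in the cross-account assumed-role case raised in the comments. The names `account_from_arn`, `require_account`, `AccountMismatch` and `FakeSTS`, and the account IDs and ARNs used with them, are hypothetical and constructed for illustration.

```python
import re

# partition : service : region : account : resource
_ARN = re.compile(r"^arn:(aws[a-z-]*):([a-z0-9-]+):([a-z0-9-]*):([^:]*):(.+)$")


class AccountMismatch(Exception):
    """The credentials in use do not belong to the expected account."""


def account_from_arn(arn):
    """Return the 12-digit account ID embedded in an ARN, or None.

    Unlike arn.split(':')[4], this rejects non-ARN strings and ARNs whose
    account field is empty (S3 buckets) or 'aws' (AWS managed policies).
    """
    m = _ARN.match(arn or "")
    if not m:
        return None
    account = m.group(4)
    return account if re.fullmatch(r"[0-9]{12}", account) else None


def require_account(sts_client, expected_account_id):
    """Return the caller ARN, or raise if it is not in expected_account_id.

    sts_client is anything with get_caller_identity(), normally
    boto3.client('sts') or assumed_session.client('sts').
    """
    identity = sts_client.get_caller_identity()
    account = identity["Account"]
    if account != expected_account_id:
        raise AccountMismatch(
            "running as %s in account %s, expected %s"
            % (identity["Arn"], account, expected_account_id))
    if account_from_arn(identity["Arn"]) != account:
        raise AccountMismatch("Account and Arn disagree: %r" % identity)
    return identity["Arn"]


class FakeSTS:  # constructed stand-in so the example runs offline
    def __init__(self, account, arn):
        self._resp = {"UserId": "EXAMPLE", "Account": account, "Arn": arn}

    def get_caller_identity(self):
        return self._resp
```

Calling `require_account(boto3.client('sts'), '<expected account ID>')` at the top of a deployment or cleanup script makes it stop when the wrong profile or role is active.
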
@MoOmEeN commented Feb 26, 2016

Does not really work for me when used in Lambda function :/
first method fails with:

<urlopen error [Errno 111] Connection refused>

second with:

An error occurred (ValidationError) when calling the GetUser operation: Must specify userName when calling with non-User credentials

@gene1wood (Owner, Author) commented Apr 5, 2016

@MoOmEeN good catch. I've added a new file that covers lambda since the urllib2 and requests ones only work for users and ec2 instances.

@sandyhider commented Sep 19, 2016

I was trying to figure out how to get the account number when I assumed a role to access resources in a second account. In this case the get_user() fails: "An error occurred (ValidationError) when calling the GetUser operation: Must specify userName when calling with non-User credentials"

I found that using list_users works across accounts as long as there is at least one user account created:

    account = assumed_session.client('iam').list_users(MaxItems=1)["Users"][0]["Arn"].split(':')[4]

@gene1wood (Owner, Author) commented Oct 6, 2016

With the release of the new STS GetCallerIdentity method, there's no more need for different processes for users, ec2 instances, roles and lambda. It can all now be done with the example above.
