I'm using the Ruby SDK (V2), but I guess my question is more general than the specific implementation as I couldn't find an answer in any of the SDKs.
How do I get the username (and/or IAM user) that my session currently belongs to?
I let the SDK run its default behaviour for choosing credentials (ENV vars, then 'default' profile or other if specified and then machine role). Then I initialize my client and run commands. I'd like to know 'who is running the commands'. I expect to get the AWS username and if the chosen credentials were of an IAM user in it, then this username too.
Any ideas?
The best I got so far was that after I build a Client
object, I can query it's actual config
and get Credentials
. But that only gives me what credentials were chosen (i.e. SharedCredentials profile='default'
vs. Credentials key=.. secret=..
) and doesn't tell me who is the username behind it.
Many thanks!
An AWS Identity and Access Management (IAM) user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. A user in AWS consists of a name and credentials. An IAM user with administrator permissions is not the same thing as the AWS account root user.
Be careful with your terminology -- interactions with the AWS APIs are all over HTTP, and are sessionless and stateless, so there's not really a concept of the currently "logged in" user, or a "session."
However, for a given set of credentials, you can fetch the attributes of the "current" user (the user whose credentials you're using) from Aws::IAM::CurrentUser
.
http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/CurrentUser.html
Apologies for the lack of an example -- I am unfamiliar with Ruby in general -- but found this based on what I knew could be done with the direct query APIs and command line client with aws iam get-user
. The available attributes are all the same: user_name
, password_last_used
, create_date
, user_id
, path
, and arn
... so I suspect this is what you're looking for.
From the Query API docs:
it defaults to the user making the request
STS (Security Token Service) provides an API for this:
GetCallerIdentity
Returns details about the IAM identity whose credentials are used to call the API.
http://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With