Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

From AWS SDK, how to I get the current logged in username (or IAM user)?

I'm using the Ruby SDK (V2), but I guess my question is more general than the specific implementation as I couldn't find an answer in any of the SDKs.

How do I get the username (and/or IAM user) that my session currently belongs to?

I let the SDK run its default behaviour for choosing credentials (ENV vars, then 'default' profile or other if specified and then machine role). Then I initialize my client and run commands. I'd like to know 'who is running the commands'. I expect to get the AWS username and if the chosen credentials were of an IAM user in it, then this username too.

Any ideas? The best I got so far was that after I build a Client object, I can query it's actual config and get Credentials. But that only gives me what credentials were chosen (i.e. SharedCredentials profile='default' vs. Credentials key=.. secret=..) and doesn't tell me who is the username behind it.

Many thanks!

like image 491
Zach Moshe Avatar asked Dec 14 '15 10:12

Zach Moshe


People also ask

What is AWS IAM username?

An AWS Identity and Access Management (IAM) user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. A user in AWS consists of a name and credentials. An IAM user with administrator permissions is not the same thing as the AWS account root user.


2 Answers

Be careful with your terminology -- interactions with the AWS APIs are all over HTTP, and are sessionless and stateless, so there's not really a concept of the currently "logged in" user, or a "session."

However, for a given set of credentials, you can fetch the attributes of the "current" user (the user whose credentials you're using) from Aws::IAM::CurrentUser.

http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/CurrentUser.html

Apologies for the lack of an example -- I am unfamiliar with Ruby in general -- but found this based on what I knew could be done with the direct query APIs and command line client with aws iam get-user. The available attributes are all the same: user_name, password_last_used, create_date, user_id, path, and arn... so I suspect this is what you're looking for.

From the Query API docs:

it defaults to the user making the request

like image 118
Michael - sqlbot Avatar answered Sep 19 '22 06:09

Michael - sqlbot


STS (Security Token Service) provides an API for this:

GetCallerIdentity Returns details about the IAM identity whose credentials are used to call the API.

http://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html

like image 26
Michael Rush Avatar answered Sep 20 '22 06:09

Michael Rush