
Programmatically get Account Id from lambda context arn

Tags: aws-lambda

I have access to the com.amazonaws.services.lambda.runtime.Context object and, by extension, the invoked function ARN. The ARN contains the account ID where the Lambda resides.

My question is simple, I want the cleanest way to extract the account Id from that.

I was taking a look at com.amazon.arn.ARN. It has a whole bunch of stuff, but no account ID (which I presume is due to the fact that not all ARNs have account IDs?).

I want to cleanly extract the account Id, without resorting to parsing the string.

Arunav Sanyal asked Mar 07 '18 23:03



3 Answers

If your lambda is being used as an API Gateway proxy lambda, then you have access to event.requestContext.accountId (where event is the first parameter to your handler function).

Otherwise, you will have to split the ARN up.

From the AWS documentation about ARN formats, here are the valid Lambda ARN formats:

arn:aws:lambda:region:account-id:function:function-name

arn:aws:lambda:region:account-id:function:function-name:alias-name

arn:aws:lambda:region:account-id:function:function-name:version

arn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id

In all cases, account-id is the 5th item in the ARN (treating : as a separator). Therefore, you can just do this:

String accountId = arn.split(":")[4];

Nicholas Sizer answered Oct 16 '22 05:10
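
The split described in the answer above, written as an added example that is not part of the original answer and not an AWS API: it checks that the string really is a Lambda function ARN and that the fifth field is a 12-digit account ID before returning it, so a malformed or unexpected ARN fails loudly instead of yielding a wrong value. The class and method names (LambdaArn, accountIdOf) are hypothetical and the sample ARNs are constructed; in a handler the input would be context.getInvokedFunctionArn().

```java
import java.util.regex.Pattern;

// Added example: LambdaArn and accountIdOf are hypothetical names, not an AWS API.
public final class LambdaArn {
    // AWS account IDs are exactly 12 decimal digits.
    private static final Pattern ACCOUNT_ID = Pattern.compile("\\d{12}");

    private LambdaArn() {}

    /** Returns the account ID from a Lambda function ARN, or throws if the ARN is malformed. */
    public static String accountIdOf(String arn) {
        if (arn == null) {
            throw new IllegalArgumentException("ARN is null");
        }
        // Limit -1 keeps trailing empty fields so a truncated ARN is not silently shortened.
        String[] parts = arn.split(":", -1);
        // Expected shape: arn:partition:lambda:region:account-id:function:name[:qualifier]
        if (parts.length < 7 || parts.length > 8) {
            throw new IllegalArgumentException("Unexpected field count in ARN: " + arn);
        }
        if (!"arn".equals(parts[0]) || !"lambda".equals(parts[2]) || !"function".equals(parts[5])) {
            throw new IllegalArgumentException("Not a Lambda function ARN: " + arn);
        }
        String accountId = parts[4];
        if (!ACCOUNT_ID.matcher(accountId).matches()) {
            throw new IllegalArgumentException("Account ID is not 12 digits: " + arn);
        }
        return accountId;
    }

    public static void main(String[] args) {
        // Constructed sample ARNs: two valid, one from another service, one with an empty account field.
        String[] samples = {
            "arn:aws:lambda:us-east-1:123456789012:function:my-fn",
            "arn:aws:lambda:us-east-1:123456789012:function:my-fn:prod",
            "arn:aws:iam::123456789012:user/Alice",
            "arn:aws:lambda:us-east-1::function:my-fn"
        };
        for (String arn : samples) {
            try {
                System.out.println(arn + " -> " + accountIdOf(arn));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```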


You no longer need to parse the ARN; the STS library has introduced get_caller_identity for this purpose. It's overkill, but it works!

Excerpts from aws docs.

python

import boto3

client = boto3.client('sts')
response = client.get_caller_identity()['Account']

js

/* This example shows a request and response made with the credentials for a user named Alice in the AWS account 123456789012. */

var AWS = require('aws-sdk'); // AWS SDK for JavaScript (v2)
var sts = new AWS.STS();      // STS client used for the call below

var params = {};
sts.getCallerIdentity(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
  /*
  data = {
   Account: "123456789012",
   Arn: "arn:aws:iam::123456789012:user/Alice",
   UserId: "AKIAI44QH8DHBEXAMPLE"
  }
  */
});

More details here & here

Jimson James answered Oct 16 '22 04:10


I use this:

ACCID:  { "Fn::Join" : ["", [{ "Ref" : "AWS::AccountId" }, "" ]] }

ricsto answered Oct 16 '22 05:10