[ aws . sts ]

get-caller-identity

Description

Returns details about the IAM user or role whose credentials are used to call the operation.

Note

No permissions are required to perform this operation. If an administrator adds a policy to your IAM user or role that explicitly denies access to the sts:GetCallerIdentity action, you can still perform this operation. Permissions are not required because the same information is returned when an IAM user or role is denied access. To view an example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice in the IAM User Guide .

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  get-caller-identity
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To get details about the current IAM identity

The following get-caller-identity example displays information about the IAM identity used to authenticate the request. The caller is an IAM user.

aws sts get-caller-identity

Output:

{
    "UserId": "AIDASAMPLEUSERID",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/DevAdmin"
}

Output

UserId -> (string)

The unique identifier of the calling entity. The exact value depends on the type of entity that is making the call. The values returned are those listed in the aws:userid column in the Principal table found on the Policy Variables reference page in the IAM User Guide .

Account -> (string)

The AWS account ID number of the account that owns or contains the calling entity.

Arn -> (string)

The AWS ARN associated with the calling entity.