Quick way to get AWS Account number from the AWS CLI tools?

Amazon Web-ServicesAws CliAmazon IamAws Sts

Amazon Web-Services Problem Overview

Looking for a quick way to pull my account number, I had originally thought of using aws iam get-account-authorization-details --max-items 1 but there are several issues with doing it this way. Is there a way to do this that might not cross account origins?

Amazon Web-Services Solutions

Solution 1 - Amazon Web-Services

You can get the account number from the Secure Token Service subcommand get-caller-identity using the following:

aws sts get-caller-identity --query Account --output text

Solution 2 - Amazon Web-Services

From my related answer for the AWS PowerShell CLI, your Account ID is a part of the Arn of resources that you create... and those that are automatically created for you. Some resources will also list you as an OwnerId.

The Default Security Group is automatically created for you in each region's default VPC as a reserved security group. From the documentation:

> You can't delete a default security group. If you try to delete the EC2-Classic default security group, you'll get the following error: Client.InvalidGroup.Reserved: The security group 'default' is reserved. If you try to delete a VPC default security group, you'll get the following error: Client.CannotDelete: the specified group: "sg-51530134" name: "default" cannot be deleted by a user.

This makes it a reliable candidate for retrieving our account Id, as long as you are in EC2 classic or have a default VPC (*see edge cases if you don't).

Example:

aws ec2 describe-security-groups \
    --group-names 'Default' \
    --query 'SecurityGroups[0].OwnerId' \
    --output text

This uses --query to filter the output down to the "owner ID" for the first result from this request, and then uses --output to output your account ID as plaintext:

123456781234

Edge cases:

(Thanks @kenchew) Note that if you've deleted your default VPC in a given region, this security group no longer exists and you should use one of these alternative solutions:

Further reading:

Solution 3 - Amazon Web-Services

If you are running on a server that is running with an assumed role you can't call aws sts get-caller-identity. Also, with describe-security-groups you can't always use the --group-names filter (it doesn't work if you don't have a default VPC), so just pick the first security group. I've found this to be the most reliable regardless of what sort of authentication you use or what sort of VPC you have.

aws ec2 describe-security-groups --query 'SecurityGroups[0].OwnerId' --output text

Solution 4 - Amazon Web-Services

My favorite method is to use aws iam get-user [--profile <profile>] since you only need IAM self service role for this to work.

Categories
Recommended Amazon Web-Services Solutions
Recommended Aws Cli Solutions
Recommended Amazon Iam Solutions

Previous Solution:

How to use TypeToken + generics with Gson in Kotlin

GenericsGsonKotlinTypetoken

Next Solution:

Content type 'application/x-www-form-urlencoded;charset=UTF-8' not supported for @RequestBody MultiValueMap

SpringSpring MvcModel View-Controller

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionehimeView Question on Stackoverflow
Solution 1 - Amazon Web-ServicesTaras AleninView Answer on Stackoverflow
Solution 2 - Amazon Web-ServicesAnthony NeaceView Answer on Stackoverflow
Solution 3 - Amazon Web-ServicesPhilip KirklandView Answer on Stackoverflow
Solution 4 - Amazon Web-Servicesuser2976775View Answer on Stackoverflow