Use `sts get-caller-identity` for `whoami` #33

simonw · 2021-11-11T06:02:40Z

I believe this will work even if you don't haveGetUser permission.

Saw this in https://aws-blog.de/2021/08/iam-what-happens-when-you-assume-a-role.html

https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html says:

No permissions are required to perform this operation. If an administrator adds a policy to your IAM user or role that explicitly denies access to the sts:GetCallerIdentity action, you can still perform this operation. Permissions are not required because the same information is returned when an IAM user or role is denied access.

The text was updated successfully, but these errors were encountered:

simonw · 2021-11-18T16:51:05Z

New output:

% s3-credentials whoami
{
    "UserId": "AIDAWXFXAIOZDWC2E6I3G",
    "Account": "462092780466",
    "Arn": "arn:aws:iam::462092780466:user/simon-administrator"
}

Refs #33, #34, #35

simonw added the enhancement New feature or request label Nov 11, 2021

simonw closed this as completed in 03417d9 Nov 18, 2021

simonw added a commit that referenced this issue Nov 18, 2021

whoami --auth tip, refs #33

600a01f

simonw added a commit that referenced this issue Nov 18, 2021

Release 0.6

8d3ee09

Refs #33, #34, #35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use `sts get-caller-identity` for `whoami` #33

Use `sts get-caller-identity` for `whoami` #33

simonw commented Nov 11, 2021 •

edited

Loading

simonw commented Nov 18, 2021

Use sts get-caller-identity for whoami #33

Use sts get-caller-identity for whoami #33

Comments

simonw commented Nov 11, 2021 • edited Loading

simonw commented Nov 18, 2021

Use `sts get-caller-identity` for `whoami` #33

Use `sts get-caller-identity` for `whoami` #33

simonw commented Nov 11, 2021 •

edited

Loading