10

If someone gives me an S3 url with a bucket and an object, but I don't know which account owns the bucket, how can I determine which credentials to present in order to gain access to the object, assuming I have access to hundreds of AWS accounts, but I just don't know which one to look in?

Mike Sokolov
    S3 object URLs do not have any piece of information that can be related to an account. You need at least the S3 bucket ARN to get the owner account ID. – theist Oct 02 '18 at 10:54

2 Answers

1

Using the AWS CLI, log in to each account, run aws s3 ls, and save the output to a file. I would name the files using an account key or something else that uniquely identifies each AWS account you have. Then you can grep those files for a bucket name and find which account it belonged to.

chicks
1

I would simply ask them what account it is ;)

Otherwise if you can’t tell from the bucket name you will have to list buckets from each account and see if your bucket is there.

Simple shell script parsing ~/.aws/credentials and running aws --profile ${PROFILE} s3 ls should do. Assuming you’ve got CLI credentials for each account in there.

However before going through all that I would ask them what account it is first ;)

MLu
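
Both answers describe the same loop: list the buckets of every configured profile and look for the bucket name. The script below is an added example of that loop, not code from either answer; it also extracts the bucket name from the URL. The function names are made up here, and it assumes every account has a profile in ~/.aws/credentials.

```shell
#!/bin/sh
# Added example, not from either answer. Function names are made up here.

# Profile names are the [section] headers of the credentials file.
list_profiles() {
  sed -n 's/^\[\([^]]*\)][[:space:]]*$/\1/p' "${1:-$HOME/.aws/credentials}"
}

# Bucket name from s3://bucket/key, virtual-hosted-style
# (https://bucket.s3.region.amazonaws.com/key) or path-style
# (https://s3.region.amazonaws.com/bucket/key) URLs.
bucket_from_url() (
  url=$1 bucket=
  case $url in
    s3://*) rest=${url#s3://}; bucket=${rest%%/*} ;;
    http://*|https://*)
      rest=${url#*://}; host=${rest%%/*}
      path=${rest#"$host"}; path=${path#/}
      case $host in
        s3.*|s3-*)     bucket=${path%%/*} ;;
        *.s3.*|*.s3-*) bucket=${host%.s3[.-]*} ;;
      esac ;;
  esac
  [ -n "$bucket" ] && printf '%s\n' "$bucket"
)

# Print each profile whose account lists the bucket; status 1 if none does.
# Profiles that fail to authenticate produce no output and are skipped.
find_bucket_owner() (
  bucket=$1 creds=${2:-$HOME/.aws/credentials}
  owners=$(list_profiles "$creds" | while IFS= read -r profile; do
    if aws --profile "$profile" s3api list-buckets \
         --query 'Buckets[].Name' --output text </dev/null 2>/dev/null |
       tr '\t' '\n' | grep -Fxq -- "$bucket"   # exact name, not substring
    then printf '%s\n' "$profile"; fi
  done)
  [ -n "$owners" ] && printf '%s\n' "$owners"
)

# Usage: sh find-bucket-owner.sh <s3-url>
if [ $# -gt 0 ]; then
  find_bucket_owner "$(bucket_from_url "$1")"
fi
```

ListBuckets returns only buckets owned by the calling account, so a match identifies the owner; more than one line of output means several profiles resolve to the same account.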