How to get AWS account details using java api? Not for IAM user

Question

We have two AWS accounts. One is for production and another is for testing. We need to differentiate the environment we are running. We can see that a simple way is to get account name and once we get that it will be very straight forward. But, we don't know how to get it from AWS credentials or properties. Does anyone have idea about how to get account information using AWS credentials? I considered the possibility of account permissions, account type etc, but I think it should not prevent us from getting account name?

aws has resource group function, it will help you for your problem. — BMW, Dec 16 '15 at 09:22
answered at http://stackoverflow.com/questions/10197784/how-can-i-deduce-the-aws-account-id-from-available-basicawscredentials — phoenix, Dec 17 '15 at 11:39
Thanks @Sri.U, the link is useful specially when user does not have access **getUser()** then we can get account id by parsing **error** message. — Pramod Gaikwad, Dec 17 '15 at 15:45

score 13 · Answer 1 · answered Jan 19 '18 at 15:36

13

With a rather recent aws java sdk you can use getCallerIdentity:

AWSSecurityTokenServiceClientBuilder.standard().build()
    .getCallerIdentity(new GetCallerIdentityRequest()).getAccount()

answered Jan 19 '18 at 15:36

Steven

2,050
23
20

score 3 · Accepted Answer · edited Dec 21 '15 at 15:31

3

You can see the GetUserResult. This is returned by getUser(). GetUserResult has a method to get User. This User has all the fields to get the required information you need.

edited Dec 21 '15 at 15:31

mkobit

43,979
12
156
150

answered Dec 17 '15 at 11:47

phoenix

3,069
3
22
29

score 2 · Answer 3 · answered Dec 17 '15 at 18:30

2

look at the account number that is returned in the get_user (iam user) eg,

"Arn": "arn:aws:iam::THISISYOURNUMERICACCOUNTNUMBER:user/lcerezo"

answered Dec 17 '15 at 18:30

lcerezo

31
3

score 2 · Answer 4 · answered Jun 01 '16 at 22:29

2

In case you are using the Secured Token Service, you will not be able to get the user details to get the account number. You can instead use the role. Below is the sample code.

AmazonIdentityManagementClient iamClient = new AmazonIdentityManagementClient();
GetRoleRequest getRoleRequest = new GetRoleRequest();
getRoleRequest.setRoleName("roleName");
String accountNumber = iamClient.getRole(getRoleRequest).getRole().getArn().split(":")[4];

answered Jun 01 '16 at 22:29

SheoSinha

107
4

1

Not the best approach, but works for me. Hope amazon guys are reading such posts and will add getAccountId to the API. – Vadim Jan 30 '17 at 07:58

Adrian Baker · Answer 5 · 2020-08-21T04:12:24.780

Using the AWS v2.0 Java SDK, you can use software.amazon.awssdk.services.sts.StsClient#getCallerIdentity.

First add a dependency to the sts module, eg in gradle:

implementation platform("software.amazon.awssdk:bom:2.14.2")
implementation "software.amazon.awssdk:sts"

Then:

log.info("{}", StsClient.create().getCallerIdentity());

will return:

GetCallerIdentityResponse(UserId=AJAIVBQXMUAJAIVBQXMU, Account=298232720644, Arn=arn:aws:iam::298232720644:user/adrian)

score 1 · Answer 6 · answered May 09 '16 at 04:41

1

AmazonIdentityManagementClient iamClient = new AmazonIdentityManagementClient();

String accountNumber = iamClient.getUser().getUser().getArn().split(":")[4]);

answered May 09 '16 at 04:41

SheoSinha

107
4

Add further details as to why would this answer work for the OP – NSNoob May 09 '16 at 04:45

How to get AWS account details using java api? Not for IAM user

6 Answers6