9

how to get aws account number /id based on EC2 instance ip which is hosted in amazon i have a instance name CTI server it is hosted in one AWS account. I have the details of CTI server like private ip and hosts and able to do ssh this instance through putty .I want the AWS account number /aws account ID of where this instance is created . is their any command to find out account number without login into aws console

Sandeep muthyapu
  • 281
  • 2
  • 3
  • 8

5 Answers5

20

You can obtain the account number from within an EC2 instance by querying the instance metadata. The metadata is located in http://169.254.169.254/latest/dynamic/instance-identity/document.

If an IAM role is attached to the instance, you can retrieve it using:

aws sts get-caller-identity
krishna_mee2004
  • 6,556
  • 2
  • 35
  • 45
  • 1
    And if you have `jq` installed, you can run `curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .accountId` – stdunbar Jul 30 '18 at 15:57
  • 3
    `curl http://169.254.169.254/latest/dynamic/instance-identity/document` and pulling out `accountId` is the best approach here since it doesn't require an IAM role be assigned to the instance, or the AWS CLI tool to be installed. – Mark B Jul 30 '18 at 16:48
  • This gives me "Unable to locate credentials. You can configure credentials by running "aws configure"." – parsley72 May 30 '19 at 04:41
  • @parsley72 - you need to attach an IAM role to your EC2 instance for the AWS command to work. Or, you would need to set the access and secret keys. – krishna_mee2004 May 30 '19 at 10:25
  • The curl command looks at the instance metadata. The AWS command queries AWS API to retrieve the data. These are different commands. – krishna_mee2004 May 30 '19 at 20:29
  • But don't they give the same result? – parsley72 Jun 04 '19 at 02:54
  • No, they don't provide the same results. – krishna_mee2004 Jun 04 '19 at 10:21
  • 1
    If you want to avoid grep/sed/jq you can also just ask the awscli to do the parsing: `aws sts get-caller-identity --query "Account" --output text` – John Jones Oct 28 '21 at 16:44
9

This information is available in the dynamic Instance Metadata. It can be extracted in a number of different ways.

jq

The jq JSON parser is the best method currently available, and it comes pre-installed on the AWS Linux AMIs.

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .accountId

Most other methods I found online tended to make a long chain of process calls like grep | sed | awk etc. which is less than ideal. So I explored some alternatives trying to limit the parsing to just one extra process.

sed

The best alternative I could come up with, using only a single pipe, was with sed and extended regular expressions. Plus, unlike the other solutions, this can even handle the (contrived) scenario of (escaped) double quotes in the middle of an accountId:

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | sed -nE 's/.*"accountId"\s*:\s*"(.*)".*/\1/p'

Or, slightly less readable with plain BRE:

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | sed -n 's/.*"accountId"\s*:\s*"\(.*\)".*/\1/p'

grep

grep is an option, but requires GNU grep with PCRE support:

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep -oP '"accountId"\s*:\s*"\K[^"]+'

grep | cut

This more portable alternative requires an extra step (if avoiding heavier tools like awk), but is also more straightforward and easier to understand:

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep '"region"' | cut -d\" -f4

The grep output looks like this:

  "region" : "us-east-1"

Then cut will split on double quotes and pick the fourth field.

awk

I try to avoid using awk for simple uses like this, but it can obviously do the above in one step. It may sometimes be the only available option (e.g busybox):

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | awk -F'"' '/"accountId"/ { print $4 }'
Amit Naidu
  • 2,494
  • 2
  • 24
  • 32
  • 2
    `jq` is not preinstalled on AWS Linux 2 AMI. – parsley72 May 30 '19 at 04:40
  • Yes, AWS Linux 2 is an LTS distribution, so it has a very limited set of core packages because Amazon is promising long-term user-space ABI compatibility. Other packages have been moved to the _extras_ channel. In the other AWS Linux AMI, jq has been available since [version 2013.03](https://aws.amazon.com/amazon-linux-ami/2013.03-packages/#j) – Amit Naidu May 30 '19 at 14:32
3

Without jq you can use this one.

curl http://169.254.169.254/latest/dynamic/instance-identity/document|grep accountId| awk '{print $3}'|sed  's/"//g'|sed 's/,//g'
Roman Bovda
  • 31
  • 2
  • FWIW, can strip both " and , in one pass with | grep accountId | awk '{print $3;}' | sed 's/[",]//g' But since this is all hacky anyway, this works too.. Let awk do the search (don't need grep) and change awk's separator char to " and fetch the 4th item. curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | awk -F\" '/accountId/{print $4;}' – Daemon42 Feb 24 '23 at 17:52
0

The following will give you AWS Account ID:

curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/02:a2:1f:d5:fe:0f/owner-id
codersofthedark
  • 9,183
  • 8
  • 45
  • 70
-1

Here is a solution with use of metadata without jq

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | sed '2q;d' |cut -d : -f2 | awk -F\" '{print $2}'

Yoav Levi
  • 1
  • 1