
My requirement is: my code will be deployed on an EC2 instance, and at some point it needs the username of the IAM account that is executing that code, or whose session is currently active on that EC2 instance. Is it even possible?

FYI, I read the answers here: From AWS SDK, how do I get the current logged in username (or IAM user)?, but they are not of much use.

PS: I have to authenticate which IAM account is executing the Spark job.

Edit: based on @John Rotenstein's suggestions, adding more details.

Many IAM users might access the EC2 instance when provided with its IP. So, based on which IAM user has logged into the EC2 instance and is trying to run a Spark job in an EMR cluster, I want to validate whether he has permission to execute the code (there is a separate database with a list of authorized users, where I would search for his IAM username; if not found, throw an error). For this purpose, I need the username of that IAM account.

Is there any utility in the AWS SDK, or some kind of metadata which gets created after an IAM user launches an EC2 instance? And just for clarity, I know the details of the OS users and am not concerned with them. Until now, we were doing this process with OS users only, but with the new changes we need to validate users by their IAM account username instead of their OS usernames.

Sandip Kumar
  • What do you mean by "the IAM account who is executing that code" and "whose session is currently active"? Are you referring to the Linux user, such as `ec2-user`? You tagged the question with `apache-spark`, but you didn't mention it in your question. Could you please edit your question to add more details? – John Rotenstein Jul 01 '20 at 08:04
  • I have added more details for clarity, please go through and let me know if you need more clarity on any point. – Sandip Kumar Jul 01 '20 at 09:35
  • IAM has nothing to do with logging into EC2 instances. IAM users don't log into EC2. EC2 instances can be launched by IAM users. And EC2 instances can be launched with an IAM role that provides AWS credentials to applications running on the EC2 instance (these are temporary STS credentials, not IAM user credentials). – jarmod Jul 01 '20 at 11:27
  • You are correct to say that an IAM user never logs into an EC2 instance. And at least in my scenario, STS and federated identities are not the case, so I'll leave them to the side for now. I am just trying to figure out programmatically whether it is possible to find which IAM user is using the EC2 instance. – Sandip Kumar Jul 01 '20 at 11:54
  • We're still missing something here. What do you mean by "which IAM user is using the EC2 instance"? No IAM user is using the EC2 instance. – jarmod Jul 01 '20 at 13:58
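
Added example, not part of the original thread or any of the participants' code: what the AWS SDK can actually report about "who is running this code", and how the authorized-user check from the question behaves against it. `sts:GetCallerIdentity` (here via a lazily imported boto3 call) returns the principal behind the credentials the process is using. On an EC2 instance with an instance profile that is an assumed-role ARN whose session name is the instance ID, as the comment above about temporary STS credentials says, so there is no IAM username to look up unless the job is run with an IAM user's own credentials. The account ID, role name, user names and instance ID below are constructed for the example; `EmrJobRole` and the `Principal`/`authorize` helpers are assumptions of this example, not an AWS or project API.

```python
"""Classify the principal reported by sts:GetCallerIdentity and apply an
allow-list of IAM user names, refusing role sessions whose session name is
not an authenticated identity. Sample identities are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Set


def fetch_caller_identity() -> Dict[str, str]:
    """Live call (needs boto3 and AWS credentials); not used by the offline checks below."""
    import boto3
    return boto3.client("sts").get_caller_identity()  # keys: UserId, Account, Arn


# ARN shapes GetCallerIdentity returns in its "Arn" field (aws, aws-cn, aws-us-gov partitions).
_PARTITION = r"arn:aws(?:-[a-z]+)*"
_USER_RE = re.compile(_PARTITION + r":iam::(\d{12}):user/(?:[^/]+/)*([^/]+)$")
_ROLE_RE = re.compile(_PARTITION + r":sts::(\d{12}):assumed-role/([^/]+)/([^/]+)$")
_ROOT_RE = re.compile(_PARTITION + r":iam::(\d{12}):root$")
_INSTANCE_ID_RE = re.compile(r"i-[0-9a-f]{8,17}")


@dataclass(frozen=True)
class Principal:
    account: str
    kind: str               # "user", "assumed-role" or "root"
    name: str               # IAM user name, role name, or "root"
    session: Optional[str]  # role session name: a caller-chosen label, not an identity


def parse_caller_identity(identity: Dict[str, str]) -> Principal:
    """Classify the ARN from a GetCallerIdentity response."""
    arn = identity["Arn"]
    m = _USER_RE.match(arn)
    if m:
        return Principal(m.group(1), "user", m.group(2), None)
    m = _ROLE_RE.match(arn)
    if m:
        return Principal(m.group(1), "assumed-role", m.group(2), m.group(3))
    m = _ROOT_RE.match(arn)
    if m:
        return Principal(m.group(1), "root", "root", None)
    # federated-user and other principal types are deliberately rejected
    raise ValueError(f"unsupported principal ARN: {arn}")


def is_ec2_instance_session(p: Principal) -> bool:
    """True for the session EC2 creates for an instance profile: its session name is the instance ID."""
    return (p.kind == "assumed-role" and p.session is not None
            and _INSTANCE_ID_RE.fullmatch(p.session) is not None)


def authorize(identity: Dict[str, str], allowed_users: Set[str], expected_account: str) -> str:
    """Return the IAM user name if the caller is an allow-listed IAM user in expected_account.

    Raises PermissionError otherwise. Role sessions are refused on purpose: the
    session name is chosen by whoever called AssumeRole (or is the instance ID
    for an instance profile), so it cannot stand in for an IAM username.
    """
    p = parse_caller_identity(identity)
    if p.account != expected_account:
        raise PermissionError(f"credentials belong to account {p.account}, not {expected_account}")
    if p.kind == "user":
        if p.name in allowed_users:
            return p.name
        raise PermissionError(f"IAM user {p.name!r} is not in the authorized list")
    if is_ec2_instance_session(p):
        raise PermissionError(
            f"running under instance role {p.name!r} on {p.session}; no IAM user is attached to this session")
    raise PermissionError(
        f"running under role {p.name!r}; session name {p.session!r} is not an authenticated username")


# Constructed GetCallerIdentity responses (same keys as the real API).
USER_IDENTITY = {"UserId": "AIDAEXAMPLEUSER0001", "Account": "123456789012",
                 "Arn": "arn:aws:iam::123456789012:user/sandip"}
EC2_ROLE_IDENTITY = {"UserId": "AROAEXAMPLEROLE0001:i-0abc1234def567890", "Account": "123456789012",
                     "Arn": "arn:aws:sts::123456789012:assumed-role/EmrJobRole/i-0abc1234def567890"}
# Anyone permitted to assume the role can pick the session name, including a real user's name.
SPOOFED_ROLE_IDENTITY = {"UserId": "AROAEXAMPLEROLE0001:sandip", "Account": "123456789012",
                         "Arn": "arn:aws:sts::123456789012:assumed-role/EmrJobRole/sandip"}

if __name__ == "__main__":
    allowed = {"sandip", "alice"}
    for ident in (USER_IDENTITY, EC2_ROLE_IDENTITY, SPOOFED_ROLE_IDENTITY):
        try:
            print("authorized as", authorize(ident, allowed, "123456789012"))
        except PermissionError as err:
            print("denied:", err)
```

Run as-is it only exercises the constructed identities; replacing them with `fetch_caller_identity()` on an EC2 instance shows the instance-profile case from the comments above, where the ARN names the role and instance ID rather than any IAM user. If the job must be tied to a person, the design consequence is that the person's own IAM user (or federated) credentials have to be what the job runs with; a role session name should never be treated as an identity unless the role's trust policy constrains `sts:RoleSessionName`.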

0 Answers