From AWS SDK, how do I get the current logged in username (or IAM user)?

♀尐吖头ヾ submitted on 2020-07-20 07:03:30

Question


I'm using the Ruby SDK (V2), but I guess my question is more general than the specific implementation as I couldn't find an answer in any of the SDKs.

How do I get the username (and/or IAM user) that my session currently belongs to?

I let the SDK run its default behaviour for choosing credentials (ENV vars, then 'default' profile or other if specified and then machine role). Then I initialize my client and run commands. I'd like to know 'who is running the commands'. I expect to get the AWS username and if the chosen credentials were of an IAM user in it, then this username too.

Any ideas? The best I got so far was that after I build a Client object, I can query its actual config and get Credentials. But that only gives me what credentials were chosen (i.e. SharedCredentials profile='default' vs. Credentials key=.. secret=..) and doesn't tell me who is the username behind it.

Many thanks!


Answer 1:


Be careful with your terminology -- interactions with the AWS APIs are all over HTTP, and are sessionless and stateless, so there's not really a concept of the currently "logged in" user, or a "session."

However, for a given set of credentials, you can fetch the attributes of the "current" user (the user whose credentials you're using) from Aws::IAM::CurrentUser.

http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/CurrentUser.html

Apologies for the lack of an example -- I am unfamiliar with Ruby in general -- but found this based on what I knew could be done with the direct query APIs and command line client with aws iam get-user. The available attributes are all the same: user_name, password_last_used, create_date, user_id, path, and arn... so I suspect this is what you're looking for.

From the Query API docs:

it defaults to the user making the request




Answer 2:


STS (Security Token Service) provides an API for this:

GetCallerIdentity Returns details about the IAM identity whose credentials are used to call the API.

http://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html
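
GetCallerIdentity returns an account, a user id and an ARN for whatever credentials the SDK picked, and the form of the ARN shows whether they belong to an IAM user, the root user or an assumed role such as a machine role. The following is an added example, not code from the answers above; `Identity`, `describe_caller` and `current_caller` are hypothetical names, and the sample ARNs in the comments are constructed.

```ruby
# Added example: classify the principal behind an STS GetCallerIdentity response.
# Identity is a stand-in for the response object (fields: account, arn, user_id).
Identity = Struct.new(:account, :arn, :user_id)

# Returns a hash saying what kind of principal the credentials belong to.
def describe_caller(identity)
  # ARN layout: arn:partition:service:region:account-id:resource
  prefix, _partition, service, _region, account, resource =
    identity.arn.to_s.split(':', 6)
  unless prefix == 'arn' && resource
    raise ArgumentError, "not an ARN: #{identity.arn.inspect}"
  end

  type, *rest = resource.split('/')
  info = { account: account, arn: identity.arn }
  case [service, type]
  when %w[iam user]
    # A path may precede the name, e.g. user/ops/alice (constructed sample)
    info.merge(kind: :iam_user, name: rest.last)
  when %w[iam root]
    info.merge(kind: :root, name: 'root')
  when %w[sts assumed-role]
    # assumed-role/<role name>/<session name>; for an EC2 instance role
    # the session name is the instance id
    info.merge(kind: :assumed_role, name: rest[0], session: rest[1])
  when %w[sts federated-user]
    info.merge(kind: :federated_user, name: rest.last)
  else
    info.merge(kind: :unknown, name: resource)
  end
end

# Live lookup with the v2 SDK. Needs the aws-sdk gem, a configured region,
# credentials and network access; pass a client to reuse an existing one.
def current_caller(client = nil)
  client ||= begin
    require 'aws-sdk'
    Aws::STS::Client.new
  end
  describe_caller(client.get_caller_identity)
end
```

Calling `current_caller` with no argument uses the SDK's default credential chain, so the result describes the same principal the rest of the program's clients run as.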



Source: https://stackoverflow.com/questions/34264824/from-aws-sdk-how-to-i-get-the-current-logged-in-username-or-iam-user
