Anyway to get an EC2 account id?
4,744 views
Skip to first unread message
Michael Barrett
Jan 18, 2011, 5:59:20 PM1/18/11
to boto-...@googlegroups.com
Hi - I'm working on making an EC2 AMI I created available to the two different EC2 accounts my company uses. I have connections for each of the accounts, is there anyway to get the account id from the connection? Or another way altogether?
Thanks!
--
Michael Barrett
lok...@gmail.com
aculab\alanp
Jan 19, 2011, 4:38:04 AM1/19/11
to boto-...@googlegroups.com
Hi Michael
If you have an EC2 connection object, there are multiple attributes and
member functions to that object (currently 126 in total to my count).
These include: "access_key" and "aws_access_key_id" (both actually the
same value as far as I can see), plus "aws_secret_access_key" (like so
many things in python - not actually so secret ;^)
Regards
Alan
Mitchell Garnaat
Jan 19, 2011, 10:02:14 AM1/19/11
to boto-...@googlegroups.com
Unfortunately, the account ID is not one those easily accessible attributes. In fact, they make it pretty hard to find. This blog post:
talks about the various credentials and describes a manual method for retrieving the account ID. There are some EC2 API calls that return the account id as part of the response. For example, if the account in question has any AMI's associated with it, you could do something like:
images = ec2conn.get_all_images(owners=['self'])
and then look for the "owner_id" attribute in one of the Image objects returned. Or, if there are security groups that have been created by the account you can do:
groups = ec2conn.get_all_security_groups()
and look for the "owner_id" attribute of one of those groups. It's kind of a hack but it's the only way I know of to get at it programmatically.
Mitch
--
You received this message because you are subscribed to the Google Groups "boto-users" group.
To post to this group, send email to boto-...@googlegroups.com.
To unsubscribe from this group, send email to boto-users+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/boto-users?hl=en.
Michael Barrett
Jan 19, 2011, 10:44:29 AM1/19/11
to boto-...@googlegroups.com
Gene Wood
Apr 28, 2014, 3:49:25 PM4/28/14
to boto-...@googlegroups.com, lok...@gmail.com
One good way to determine your account ID is to pull it from your own user account. Here's some example code
conn_iam = boto.iam.connect_to_region('universal')
account_id = conn_iam.get_user()['get_user_response']['get_user_result']['user']['arn'].split(':')[4]
This queries the AWS API for information on your own user account, extracts the ARN and pulls out your account ID.
-Gene
conn_iam = boto.iam.connect_to_region('universal')
account_id = conn_iam.get_user()['get_user_response']['get_user_result']['user']['arn'].split(':')[4]
This queries the AWS API for information on your own user account, extracts the ARN and pulls out your account ID.
-Gene
Aaron Culich
Oct 17, 2014, 6:56:01 AM10/17/14
to boto-...@googlegroups.com, lok...@gmail.com
A simpler version of the same basic method you suggest here is:
import boto
iam = boto.connect_iam()
iam.get_user().user_id
Gene Wood
Apr 18, 2015, 5:55:34 PM4/18/15
to boto-...@googlegroups.com, lok...@gmail.com
Aaron,
I like your suggestion. It looks like that returns the users "UserId" instead of their Account ID. Here's some info on the fields that the GetUser API call returns
http://docs.aws.amazon.com/IAM/latest/APIReference/API_User.html
Adapting your suggestion, here's a hybrid of mine and yours which both returns the AWS Account ID and does so in a simple and easy to read form like your code :
import boto
boto.connect_iam().get_user().arn.split(':')[4]
This will return the AWS Account ID (an integer).
-Gene
I like your suggestion. It looks like that returns the users "UserId" instead of their Account ID. Here's some info on the fields that the GetUser API call returns
http://docs.aws.amazon.com/IAM/latest/APIReference/API_User.html
Adapting your suggestion, here's a hybrid of mine and yours which both returns the AWS Account ID and does so in a simple and easy to read form like your code :
import boto
boto.connect_iam().get_user().arn.split(':')[4]
This will return the AWS Account ID (an integer).
-Gene
Gene Wood
Nov 25, 2015, 5:46:16 PM11/25/15
to boto-users, lok...@gmail.com
And if you've moved on to using boto3 instead of boto, here's how to get your account ID with boto3. This also accommodates ec2 instances and lambda functions (instead of just users).
https://gist.github.com/gene1wood/6d4974b7503336d642c9
from botocore.vendored import requests
import boto3
def get_account_id():
try:
# We're running in an ec2 instance, get the account id from the
# instance profile ARN
return requests.get(
'http://169.254.169.254/latest/meta-data/iam/info/',
timeout=1).json()['InstanceProfileArn'].split(':')[4]
except:
pass
try:
# We're not on an ec2 instance but have api keys, get the account
# id from the user ARN
return boto3.client('iam').get_user()['User']['Arn'].split(':')[4]
except:
pass
return False
https://gist.github.com/gene1wood/6d4974b7503336d642c9
from botocore.vendored import requests
import boto3
def get_account_id():
try:
# We're running in an ec2 instance, get the account id from the
# instance profile ARN
return requests.get(
'http://169.254.169.254/latest/meta-data/iam/info/',
timeout=1).json()['InstanceProfileArn'].split(':')[4]
except:
pass
try:
# We're not on an ec2 instance but have api keys, get the account
# id from the user ARN
return boto3.client('iam').get_user()['User']['Arn'].split(':')[4]
except:
pass
return False
Viral Desai
Jan 17, 2016, 12:39:00 PM1/17/16
to boto-users, lok...@gmail.com
When using roles or calling from lambda, this method(a good one), cannot find the account number...
Reply all
Reply to author
Forward
0 new messages