Written by Jamie Tanna
on January 9, 2023
CC-BY-NC-SA-4.0 Apache-2.0
1 mins

Who do these AWS credentials belong to?

Featured image for sharing metadata for article

Let's say you've found an AWS_ACCESS_KEY_ID and an AWS_SECRET_ACCESS_KEY, whether that's on your local machine's ~/.aws/credentials, in your project's environment variables, etc - the important next question is "are these still active, and if so what access do they have?".

Fortunately you can use aws sts get-caller-identity to do this, for instance:

env AWS_ACCESS_KEY_ID='XN...' AWS_SECRET_ACCESS_KEY='fpQ...' aws sts get-caller-identity

This then outputs, for instance::

{
    "UserId": "...",
    "Account": "...",
    "Arn": "arn:aws:iam::...:user/..."
}

Or if the keys are no longer value, you'll get something along the lines of:

An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.

Written by Jamie Tanna on Mon, 09 Jan 2023 11:37:09+00:00, and last updated on Mon, 09 Jan 2023 11:37:09+00:00.

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #aws.

This post was filed under articles.

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.

← → Top