Who do these AWS credentials belong to?

Featured image for sharing metadata for article

Let's say you've found an AWS_ACCESS_KEY_ID and an AWS_SECRET_ACCESS_KEY, whether that's on your local machine's ~/.aws/credentials, in your project's environment variables, etc - the important next question is "are these still active, and if so what access do they have?".

Fortunately you can use aws sts get-caller-identity to do this, for instance:

env AWS_ACCESS_KEY_ID='XN...' AWS_SECRET_ACCESS_KEY='fpQ...' aws sts get-caller-identity

This then outputs, for instance::

    "UserId": "...",
    "Account": "...",
    "Arn": "arn:aws:iam::...:user/..."

Or if the keys are no longer value, you'll get something along the lines of:

An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #aws.

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.