Try it now and let us know what you think. Switch to the new look >>
You can return to the original look by selecting English in the language selector above.
GetCallerIdentity
Returns details about the IAM user or role whose credentials are used to call the operation.
Note
No permissions are required to perform this operation. If an administrator adds a
policy to your IAM user or role that explicitly denies access to the
sts:GetCallerIdentity action, you can still perform this operation.
Permissions are not required because the same information is returned when an IAM
user
or role is denied access. To view an example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice.
Response Elements
The following elements are returned by the service.
- Account
-
The AWS account ID number of the account that owns or contains the calling entity.
Type: String
- Arn
-
The AWS ARN associated with the calling entity.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern:
[\u0009\u000A\u000D\u0020-\u007E\u0085\u00A0-\uD7FF\uE000-\uFFFD\u10000-\u10FFFF]+ - UserId
-
The unique identifier of the calling entity. The exact value depends on the type of entity that is making the call. The values returned are those listed in the aws:userid column in the Principal table found on the Policy Variables reference page in the IAM User Guide.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
Examples
Example 1 - Called by an IAM user.
This example shows a request and response made with the credentials for a user named Alice in the AWS account 123456789012.
Sample Request
POST / HTTP/1.1 Host: sts.amazonaws.com Accept-Encoding: identity Content-Length: 32 Content-Type: application/x-www-form-urlencoded Authorization: AWS4-HMAC-SHA256 Credential=AKIAI44QH8DHBEXAMPLE/20160126/us-east-1/sts/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef X-Amz-Date: 20160126T215751Z User-Agent: aws-cli/1.10.0 Python/2.7.3 Linux/3.13.0-76-generic botocore/1.3.22 Action=GetCallerIdentity&Version=2011-06-15
Sample Response
HTTP/1.1 200 OK x-amzn-RequestId: 01234567-89ab-cdef-0123-456789abcdef Content-Type: text/xml Content-Length: 357 Date: Tue, 26 Jan 2016 21:57:47 GMT <GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/"> <GetCallerIdentityResult> <Arn>arn:aws:iam::123456789012:user/Alice</Arn> <UserId>AIDACKCEVSQ6C2EXAMPLE</UserId> <Account>123456789012</Account> </GetCallerIdentityResult> <ResponseMetadata> <RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId> </ResponseMetadata> </GetCallerIdentityResponse>
Example 2 - Called by federated user created with AssumeRole.
This example shows a request and response made with temporary credentials created
by AssumeRole. The name of the assumed role is
my-role-name, and the RoleSessionName is set to
my-role-session-name.
Sample Request
POST / HTTP/1.1 Host: sts.amazonaws.com Accept-Encoding: identity Content-Length: 43 X-Amz-Date: 20160301T213302Z User-Agent: aws-cli/1.10.0 Python/2.7.3 Linux/3.13.0-79-generic botocore/1.3.22 X-Amz-Security-Token:<REDACTED> Content-Type: application/x-www-form-urlencoded Authorization: AWS4-HMAC-SHA256 Credential=AKIAI44QH8DHBEXAMPLE/20160301/us-east-1/sts/aws4_request, SignedHeaders=host;user-agent;x-amz-date;x-amz-security-token, Signature=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef Action=GetCallerIdentity&Version=2011-06-15
Sample Response
HTTP/1.1 200 OK x-amzn-RequestId: 01234567-89ab-cdef-0123-456789abcdef Content-Type: text/xml Content-Length: 438 Date: Tue, 01 Mar 2016 21:32:59 GMT <GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/"> <GetCallerIdentityResult> <Arn>arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name</Arn> <UserId>ARO123EXAMPLE123:my-role-session-name</UserId> <Account>123456789012</Account> </GetCallerIdentityResult> <ResponseMetadata> <RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId> </ResponseMetadata> </GetCallerIdentityResponse>
Example 3 - Called by federated user created with GetFederationToken.
This example shows a request and response made with temporary credentials created
by using GetFederationToken. The Name parameter is set to
my-federated-user-name.
Sample Request
POST / HTTP/1.1 Host: sts.amazonaws.com Accept-Encoding: identity Content-Length: 43 X-Amz-Date: 20160301T215108Z User-Agent: aws-cli/1.10.0 Python/2.7.3 Linux/3.13.0-79-generic botocore/1.3.22 X-Amz-Security-Token:<REDACTED> Content-Type: application/x-www-form-urlencoded Authorization: AWS4-HMAC-SHA256 Credential=AKIAI44QH8DHBEXAMPLE/20160301/us-east-1/sts/aws4_request, SignedHeaders=host;user-agent;x-amz-date;x-amz-security-token, Signature=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef Action=GetCallerIdentity&Version=2011-06-15
Sample Response
HTTP/1.1 200 OK x-amzn-RequestId: 01234567-89ab-cdef-0123-456789abcdef Content-Type: text/xml Content-Length: 437 Date: Tue, 01 Mar 2016 21:51:06 GMT <GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/"> <GetCallerIdentityResult> <Arn>arn:aws:sts::123456789012:federated-user/my-federated-user-name</Arn> <UserId>123456789012:my-federated-user-name</UserId> <Account>123456789012</Account> </GetCallerIdentityResult> <ResponseMetadata> <RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId> </ResponseMetadata> </GetCallerIdentityResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
