Viewing account identifiers
AWS assigns the following unique identifiers to each AWS account:
- AWS account ID
-
A 12-digit number, such as 123456789012, that uniquely identifies an
AWS account. Many AWS resources include the account ID in their Amazon Resource Names
(ARNs). The account ID portion distinguishes resources in one
account from the resources in another account. If you're an AWS Identity and Access Management (IAM)
user, you can sign in to the AWS Management Console using either the account ID or account
alias.
- Canonical user ID
-
An alpha-numeric identifier, such as
79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be,
that is an obfuscated form of the AWS account ID. You can use this ID to
identify an AWS account when granting cross-account access to buckets and
objects using Amazon Simple Storage Service (Amazon S3). You can retrieve the canonical user ID for your
AWS account as either the root user or an IAM user.
You must be authenticated with AWS to view these identifiers.
Do not provide your AWS credentials (including passwords and access keys) to a third
party that needs your AWS account identifiers to share AWS resources with you. Doing
so would give them the same access to the AWS account that you have.
Finding your AWS account ID
You can find the AWS account ID using either the AWS Management Console or the AWS Command Line Interface (AWS CLI).
In the console, the location of the account ID depends on whether you're signed in as
the root user or an IAM user. The account ID is the same whether you're signed in as the
root user or an IAM user.
Finding your account ID as the root user
- AWS Management Console
-
To find your AWS account ID when signed in as the
root user
To perform the following steps, you must have at least the following IAM permissions:
-
In the navigation bar on the upper right, choose your account
name or number and then choose My Security
Credentials.
-
Expand the Account identifiers section.
The account number appears next to the label
AWS account ID.
- AWS CLI & SDKs
-
To find your AWS account ID using the
AWS CLI
To perform the following steps, you must have at least the following IAM permissions:
Use the get-caller-identity command as follows.
$ aws sts get-caller-identity \
--query Account \
--output text
123456789012
Finding your account ID as an IAM
user
- AWS Management Console
-
To find your AWS account ID when signed in as an IAM
user
To perform the following steps, you must have at least the following IAM permissions:
-
In the navigation bar on the upper right, choose your user
name and then choose My Security
Credentials.
If you don't see the My Security
Credentials page, you might be signed in as a
federated user with an IAM role, instead of as an IAM
user. In this case, look for the entry My
Account and the account ID number next to
it.
-
At the top of the page, under Account
details, the account number appears next to the
label AWS account ID.
- AWS CLI & SDKs
-
To find your AWS account ID using the
AWS CLI
To perform the following steps, you must have at least the following IAM permissions:
Use the get-caller-identity command as follows.
$ aws sts get-caller-identity \
--query Account \
--output text
123456789012
Finding the canonical user ID for your
AWS account
You can find the canonical user ID for your AWS account using the AWS Management Console or the
AWS CLI. The canonical user ID for an AWS account is specific to that account. You can
retrieve the canonical user ID for your AWS account as the root user, a federated user,
or an IAM user.
Finding the canonical ID as the root user or
IAM user
- AWS Management Console
-
To find the canonical user ID for your account when signed in to
the console as the root user or an IAM user
To perform the following steps, you must have at least the following IAM permissions:
-
When you run the command as the root user, you don't need
any IAM permissions.
-
When you sign in as an IAM user, then you must
have:
-
Sign in to the AWS Management Console as the root user or an IAM
user.
-
In the navigation bar on the upper right, choose your account
name or number and then choose My Security
Credentials.
-
If you are the root user, expand Account
identifiers and find Canonical User
ID.
You will see the AWS Account ID and the Canonical User ID
values listed. You can use your canonical user ID to configure
Amazon S3 access control lists (ACLs).
If you're an IAM user, under Account
details, find Account canonical user
ID.
- AWS CLI & SDKs
-
To find the canonical user ID using the AWS CLI
The same AWS CLI and API command works for the AWS account root user, IAM
users, or IAM roles.
Use the list-buckets command as follows.
$ aws s3api list-buckets \
--query Owner.ID \
--output text
249fa2f1dc32c330EXAMPLE91b2778fcc65f980f9172f9cb9a5f50ccbEXAMPLE
Finding the canonical ID as a
federated user with an IAM role
- AWS Management Console
-
To find the canonical user ID for your account when signed in to
the console as a federated user with an IAM role
-
Sign in to the AWS Management Console as a federated user with an IAM
role.
-
In the Amazon S3 console, choose a bucket name to view details
about a bucket.
-
Choose Permissions, and then choose
Access Control List.
At the top of the page, under Access for bucket
owner, the canonical user ID for the
AWS account appears.
- AWS CLI & SDKs
-
To find the canonical user ID using the AWS CLI
The same AWS CLI and API command works for the AWS account root user, IAM
users, or IAM roles.
Use the list-buckets command as follows.
$ aws s3api list-buckets \
--query Owner.ID \
--output text
249fa2f1dc32c330EXAMPLE91b2778fcc65f980f9172f9cb9a5f50ccbEXAMPLE
