Menu
Amazon Web Services
General Reference (Version 1.0)

AWS Account Identifiers

AWS assigns two unique IDs to each AWS account:

  • An AWS account ID

  • A canonical user ID

The AWS account ID is a 12-digit number, such as 123456789012, that you use to construct Amazon Resource Names (ARNs). When you refer to resources, such as an IAM user or an Amazon Glacier vault, the account ID distinguishes your resources from resources in other AWS accounts.

The canonical user ID is a long string, such as 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be.

You can use canonical user IDs in an Amazon S3 bucket policy for cross-account access, which means an AWS account can access resources in another AWS account. For example, to grant another AWS account access to your bucket, you specify the account's canonical user ID in the bucket's policy. For more information, see Bucket Policy Examples in the Amazon Simple Storage Service Developer Guide.

Finding Your AWS Account ID

You can find the AWS account ID from AWS Management Console. The method that you use to find the account ID depends on how you are logged in to the console.

To view your AWS account ID when signed in as an AWS account root user

  1. Use your AWS account email address and password to sign in to the AWS Management Console as the root user.

    Important

    If you are signed in to the AWS Management Console with IAM user credentials, you must sign out and then sign in as the root user. If you see the account-specific IAM user sign-in page, choose Sign-in using root account credentials near the bottom of the page to return to the main sign-in page. From there, you can type your AWS account email address and password to sign in as the root user.

  2. In the top right of the console, choose your account name or number. Then choose My Security Credentials.

  3. If necessary, in the dialog box, choose Continue to Security Credentials. You can choose the box next to Don’t show me this message again to stop the dialog box from appearing in the future.

  4. Expand the Account Identifiers section to view your AWS account ID.

To view your AWS account ID when signed in as a federated user or an IAM user

  1. Sign in to the AWS Management Console as a federated user.

  2. Choose Support in the upper-right corner of the console and choose Support Center. If necessary, in the dialog box, choose Continue to Security Credentials. You can select the box next to Don’t show me this message again to stop the dialog box from appearing in the future.

  3. Your AWS account ID appears in the upper right. The account ID for an AWS account is the same for the AWS account root user and its IAM users. For more information, see Your AWS Account ID and Its Alias.

Finding Your Account Canonical User ID

You can view your canonical user ID from the AWS Management Console while signed in as the AWS account root user, or using the AWS API or AWS CLI while signed in as an IAM user. To learn about the differences between root user credentials and IAM user credentials, see AWS Account Root User Credentials vs. IAM User Credentials.

To use the the AWS API or AWS CLI, the IAM user must have permissions to perform the s3:ListAllMyBuckets action. For more information about permissions, see Permissions Related to Buckets and Managing Access Permissions to Your Amazon S3 Resources ( ) in the Amazon Simple Storage Service Developer Guide.

Important

Do not provide your Access Keys (Access Key ID and Secret Access Key) to a third party to help find your canonical user ID. By doing this, you might give them full access to your account.

To view your canonical user ID as a root user (console)

  1. Sign in as the root user using your AWS account email address and password.

    Important

    If you are signed in to the AWS Management Console with IAM user credentials, then you must sign out and then sign in as the root user. If you see the account-specific IAM user sign-in page, choose Sign-in using root account credentials near the bottom of the page to return to the main sign-in page. From there, you can type your AWS account email address and password to sign in as the root user.

  2. In the top right of the console, choose your account name or number. Then choose My Security Credentials.

  3. If necessary, in the dialog box, choose Continue to Security Credentials. You can choose the box next to Don’t show me this message again to stop the dialog box from appearing in the future.

  4. Expand the Account Identifiers section to view your canonical user ID.

    Note

    If you do not see the Account Identifiers section, then you are not signed in as the root user. Return to Step 1 above. If you do not have access to the root user credentials, contact your AWS account administrator and ask them to retrieve the canonical user ID.

To view your canonical user ID as an IAM user (API)

  • You can use the Amazon S3 ListBuckets API with your IAM user credentials to return the AWS account owner ID, which is the canonical user ID. For more information, see GET Service Response Elements in the Amazon Simple Storage Service API Reference.

To view your canonical user ID as an IAM user (CLI)

  • You can use the list-buckets command with your IAM user credentials to return the AWS account owner ID, which is the canonical user ID. For more information, see s3api list-buckets in the AWS Command Line Interface Reference.