Amazon Web Services
General Reference (Version 1.0)

AWS Account Identifiers

AWS assigns two unique IDs to each AWS account:

  • An AWS account ID

  • A canonical user ID

The AWS account ID is a 12-digit number, such as 123456789012, that you use to construct Amazon Resource Names (ARNs). When you refer to resources, such as an IAM user or an Amazon Glacier vault, the account ID distinguishes your resources from resources in other AWS accounts.

The canonical user ID is a long string, such as 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be.

You can use canonical user IDs in an Amazon S3 bucket policy for cross-account access, which means an AWS account can access resources in another AWS account. For example, to grant another AWS account access to your bucket, you specify the account's canonical user ID in the bucket's policy. For more information, see Bucket Policy Examples in the Amazon Simple Storage Service Developer Guide.

Finding Your Account Identifiers

For AWS account users (root account users), you can get both IDs from the Account Identifiers section of the Security Credentials page. You can't change either ID.

For IAM or federated users, you can get your AWS account ID from the Support Center dashboard. You can also choose Support and then choose Support Center. The ID is displayed on the upper right. The account ID for an AWS account is the same for the root account and its IAM users. For more information, see Your AWS Account ID and Its Alias.


You can also return the canonical user ID with the Amazon S3 ListBuckets API. For more information, see GET Service Response Elements in the Amazon Simple Storage Service API Reference.