docs.aws.amazon.com
Open in
urlscan Pro
143.204.98.45
Public Scan
URL:
https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html
Submission: On May 08 via api from BR — Scanned from DE
Submission: On May 08 via api from BR — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
SELECT YOUR COOKIE PREFERENCES
We use cookies and similar tools to enhance your experience, provide our
services, deliver relevant advertising, and make improvements. Approved third
parties also use these tools to help us deliver advertising and provide certain
site features.
CustomizeAccept all
CUSTOMIZE COOKIE PREFERENCES
We use cookies and similar tools (collectively, "cookies") for the following
purposes.
ESSENTIAL
Essential cookies are necessary to provide our site and services and cannot be
deactivated. They are usually set in response to your actions on the site, such
as setting your privacy preferences, signing in, or filling in forms.
PERFORMANCE
Performance cookies provide anonymous statistics about how customers navigate
our site so we can improve site experience and performance. Approved third
parties may perform analytics on our behalf, but they cannot use the data for
their own purposes.
Allow performance category
Allowed
FUNCTIONAL
Functional cookies help us provide useful site features, remember your
preferences, and display relevant content. Approved third parties may set these
cookies to provide certain site features. If you do not allow these cookies,
then some or all of these services may not function properly.
Allow functional category
Allowed
ADVERTISING
Advertising cookies may be set through our site by us or our advertising
partners and help us deliver relevant marketing content. If you do not allow
these cookies, you will experience less relevant advertising.
Allow advertising category
Allowed
Blocking some types of cookies may impact your experience of our sites. You may
review and change your choices at any time by clicking Cookie preferences in the
footer of this site. We and selected third-parties use cookies or similar
technologies as specified in the AWS Cookie Notice
.
CancelSave preferences
English
Sign In to the Console
1. AWS
2. ...
3. Documentation
4. AWS Security Token Service
5. API Reference
Feedback
Preferences
AWS Security Token Service
API Reference
* Welcome
* Actions
* AssumeRole
* AssumeRoleWithSAML
* AssumeRoleWithWebIdentity
* DecodeAuthorizationMessage
* GetAccessKeyInfo
* GetCallerIdentity
* GetFederationToken
* GetSessionToken
* Data Types
* AssumedRoleUser
* Credentials
* FederatedUser
* PolicyDescriptorType
* Tag
* Common Parameters
* Common Errors
GetCallerIdentity - AWS Security Token Service
AWSDocumentationAWS Security Token ServiceAPI Reference
Response ElementsErrorsExamplesSee Also
GETCALLERIDENTITY
PDF
Returns details about the IAM user or role whose credentials are used to call
the operation.
Note
No permissions are required to perform this operation. If an administrator adds
a policy to your IAM user or role that explicitly denies access to the
sts:GetCallerIdentity action, you can still perform this operation. Permissions
are not required because the same information is returned when an IAM user or
role is denied access. To view an example response, see I Am Not Authorized to
Perform: iam:DeleteVirtualMFADevice in the IAM User Guide.
RESPONSE ELEMENTS
The following elements are returned by the service.
Account
The AWS account ID number of the account that owns or contains the calling
entity.
Type: String
Arn
The AWS ARN associated with the calling entity.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern:
[\u0009\u000A\u000D\u0020-\u007E\u0085\u00A0-\uD7FF\uE000-\uFFFD\u10000-\u10FFFF]+
UserId
The unique identifier of the calling entity. The exact value depends on the type
of entity that is making the call. The values returned are those listed in the
aws:userid column in the Principal table found on the Policy Variables reference
page in the IAM User Guide.
Type: String
ERRORS
For information about the errors that are common to all actions, see Common
Errors.
EXAMPLES
EXAMPLE 1 - CALLED BY AN IAM USER.
This example shows a request and response made with the credentials for a user
named Alice in the AWS account 123456789012.
SAMPLE REQUEST
POST / HTTP/1.1
Host: sts.amazonaws.com
Accept-Encoding: identity
Content-Length: 32
Content-Type: application/x-www-form-urlencoded
Authorization: AWS4-HMAC-SHA256 Credential=AKIAI44QH8DHBEXAMPLE/20160126/us-east-1/sts/aws4_request,
SignedHeaders=host;user-agent;x-amz-date,
Signature=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
X-Amz-Date: 20160126T215751Z
User-Agent: aws-cli/1.10.0 Python/2.7.3 Linux/3.13.0-76-generic botocore/1.3.22
Action=GetCallerIdentity&Version=2011-06-15
SAMPLE RESPONSE
HTTP/1.1 200 OK
x-amzn-RequestId: 01234567-89ab-cdef-0123-456789abcdef
Content-Type: text/xml
Content-Length: 357
Date: Tue, 26 Jan 2016 21:57:47 GMT
<GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<GetCallerIdentityResult>
<Arn>arn:aws:iam::123456789012:user/Alice</Arn>
<UserId>AIDACKCEVSQ6C2EXAMPLE</UserId>
<Account>123456789012</Account>
</GetCallerIdentityResult>
<ResponseMetadata>
<RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
</ResponseMetadata>
</GetCallerIdentityResponse>
EXAMPLE 2 - CALLED BY FEDERATED USER CREATED WITH ASSUMEROLE.
This example shows a request and response made with temporary credentials
created by AssumeRole. The name of the assumed role is my-role-name, and the
RoleSessionName is set to my-role-session-name.
SAMPLE REQUEST
POST / HTTP/1.1
Host: sts.amazonaws.com
Accept-Encoding: identity
Content-Length: 43
X-Amz-Date: 20160301T213302Z
User-Agent: aws-cli/1.10.0 Python/2.7.3 Linux/3.13.0-79-generic botocore/1.3.22
X-Amz-Security-Token:<REDACTED>
Content-Type: application/x-www-form-urlencoded
Authorization: AWS4-HMAC-SHA256 Credential=AKIAI44QH8DHBEXAMPLE/20160301/us-east-1/sts/aws4_request,
SignedHeaders=host;user-agent;x-amz-date;x-amz-security-token,
Signature=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
Action=GetCallerIdentity&Version=2011-06-15
SAMPLE RESPONSE
HTTP/1.1 200 OK
x-amzn-RequestId: 01234567-89ab-cdef-0123-456789abcdef
Content-Type: text/xml
Content-Length: 438
Date: Tue, 01 Mar 2016 21:32:59 GMT
<GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<GetCallerIdentityResult>
<Arn>arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name</Arn>
<UserId>ARO123EXAMPLE123:my-role-session-name</UserId>
<Account>123456789012</Account>
</GetCallerIdentityResult>
<ResponseMetadata>
<RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
</ResponseMetadata>
</GetCallerIdentityResponse>
EXAMPLE 3 - CALLED BY FEDERATED USER CREATED WITH GETFEDERATIONTOKEN.
This example shows a request and response made with temporary credentials
created by using GetFederationToken. The Name parameter is set to
my-federated-user-name.
SAMPLE REQUEST
POST / HTTP/1.1
Host: sts.amazonaws.com
Accept-Encoding: identity
Content-Length: 43
X-Amz-Date: 20160301T215108Z
User-Agent: aws-cli/1.10.0 Python/2.7.3 Linux/3.13.0-79-generic botocore/1.3.22
X-Amz-Security-Token:<REDACTED>
Content-Type: application/x-www-form-urlencoded
Authorization: AWS4-HMAC-SHA256 Credential=AKIAI44QH8DHBEXAMPLE/20160301/us-east-1/sts/aws4_request,
SignedHeaders=host;user-agent;x-amz-date;x-amz-security-token,
Signature=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
Action=GetCallerIdentity&Version=2011-06-15
SAMPLE RESPONSE
HTTP/1.1 200 OK
x-amzn-RequestId: 01234567-89ab-cdef-0123-456789abcdef
Content-Type: text/xml
Content-Length: 437
Date: Tue, 01 Mar 2016 21:51:06 GMT
<GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<GetCallerIdentityResult>
<Arn>arn:aws:sts::123456789012:federated-user/my-federated-user-name</Arn>
<UserId>123456789012:my-federated-user-name</UserId>
<Account>123456789012</Account>
</GetCallerIdentityResult>
<ResponseMetadata>
<RequestId>01234567-89ab-cdef-0123-456789abcdef</RequestId>
</ResponseMetadata>
</GetCallerIdentityResponse>
SEE ALSO
For more information about using this API in one of the language-specific AWS
SDKs, see the following:
* AWS Command Line Interface
* AWS SDK for .NET
* AWS SDK for C++
* AWS SDK for Go
* AWS SDK for Java V2
* AWS SDK for JavaScript
* AWS SDK for PHP V3
* AWS SDK for Python
* AWS SDK for Ruby V3
Javascript is disabled or is unavailable in your browser.
To use the Amazon Web Services Documentation, Javascript must be enabled. Please
refer to your browser's Help pages for instructions.
Document Conventions
GetAccessKeyInfo
GetFederationToken
Did this page help you? - Yes
Thanks for letting us know we're doing a good job!
If you've got a moment, please tell us what we did right so we can do more of
it.
Did this page help you? - No
Thanks for letting us know this page needs work. We're sorry we let you down.
If you've got a moment, please tell us how we can make the documentation better.
Did this page help you?
YesNo
Provide feedback
Next topic:GetFederationToken
Previous topic:GetAccessKeyInfo
Need help?
* Try AWS re:Post
* Connect with an AWS IQ expert
PrivacySite termsCookie preferences
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
On this page
--------------------------------------------------------------------------------
* Response Elements
* Errors
* Examples
* See Also
DID THIS PAGE HELP YOU? - NO
Thanks for letting us know this page needs work. We're sorry we let you down.
If you've got a moment, please tell us how we can make the documentation better.
Feedback