Method: Aws::STS::Client#get_caller_identity

Defined in:

lib/aws-sdk-sts/client.rb

#get_caller_identity(params = {}) ⇒ Types::GetCallerIdentityResponse

Returns details about the IAM user or role whose credentials are used to call the operation.

<note markdown=“1”> No permissions are required to perform this operation. If an administrator attaches a policy to your identity that explicitly denies access to the ‘sts:GetCallerIdentity` action, you can still perform this operation. Permissions are not required because the same information is returned when access is denied. To view an example response, see [I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice] in the *IAM User Guide*.

</note>

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa

Examples:

Example: To get details about a calling IAM user

# This example shows a request and response made with the credentials for a user named Alice in the AWS account
# 123456789012.

resp = client.get_caller_identity({
})

resp.to_h outputs the following:
{
  account: "123456789012", 
  arn: "arn:aws:iam::123456789012:user/Alice", 
  user_id: "AKIAI44QH8DHBEXAMPLE", 
}

Example: To get details about a calling user federated with AssumeRole

# This example shows a request and response made with temporary credentials created by AssumeRole. The name of the assumed
# role is my-role-name, and the RoleSessionName is set to my-role-session-name.

resp = client.get_caller_identity({
})

resp.to_h outputs the following:
{
  account: "123456789012", 
  arn: "arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name", 
  user_id: "AKIAI44QH8DHBEXAMPLE:my-role-session-name", 
}

Example: To get details about a calling user federated with GetFederationToken

# This example shows a request and response made with temporary credentials created by using GetFederationToken. The Name
# parameter is set to my-federated-user-name.

resp = client.get_caller_identity({
})

resp.to_h outputs the following:
{
  account: "123456789012", 
  arn: "arn:aws:sts::123456789012:federated-user/my-federated-user-name", 
  user_id: "123456789012:my-federated-user-name", 
}

Response structure

resp.user_id #=> String
resp.account #=> String
resp.arn #=> String

Parameters:

• params (Hash) (defaults to: {}) —

  ({})

Returns:

• (Types::GetCallerIdentityResponse) —

  Returns a response object which responds to the following methods:

  • #user_id => String

  • #account => String

  • #arn => String

See Also:

• AWS API Documentation

# File 'lib/aws-sdk-sts/client.rb', line 2095

def get_caller_identity(params = {}, options = {})
  req = build_request(:get_caller_identity, params)
  req.send_request(options)
end