STS / Client / get_caller_identity

get_caller_identity#

STS.Client.get_caller_identity()#

Returns details about the IAM user or role whose credentials are used to call the operation.

Note

No permissions are required to perform this operation. If an administrator attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity action, you can still perform this operation. Permissions are not required because the same information is returned when access is denied. To view an example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice in the IAM User Guide.

See also: AWS API Documentation

Request Syntax

response = client.get_caller_identity()
Return type:

dict

Returns:

Response Syntax

{
    'UserId': 'string',
    'Account': 'string',
    'Arn': 'string'
}

Response Structure

  • (dict) –

    Contains the response to a successful GetCallerIdentity request, including information about the entity making the request.

    • UserId (string) –

      The unique identifier of the calling entity. The exact value depends on the type of entity that is making the call. The values returned are those listed in the aws:userid column in the Principal table found on the Policy Variables reference page in the IAM User Guide.

    • Account (string) –

      The Amazon Web Services account ID number of the account that owns or contains the calling entity.

    • Arn (string) –

      The Amazon Web Services ARN associated with the calling entity.

Examples

This example shows a request and response made with the credentials for a user named Alice in the AWS account 123456789012.

response = client.get_caller_identity(
)

print(response)

Expected Output:

{
    'Account': '123456789012',
    'Arn': 'arn:aws:iam::123456789012:user/Alice',
    'UserId': 'AKIAI44QH8DHBEXAMPLE',
    'ResponseMetadata': {
        '...': '...',
    },
}

This example shows a request and response made with temporary credentials created by AssumeRole. The name of the assumed role is my-role-name, and the RoleSessionName is set to my-role-session-name.

response = client.get_caller_identity(
)

print(response)

Expected Output:

{
    'Account': '123456789012',
    'Arn': 'arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name',
    'UserId': 'AKIAI44QH8DHBEXAMPLE:my-role-session-name',
    'ResponseMetadata': {
        '...': '...',
    },
}

This example shows a request and response made with temporary credentials created by using GetFederationToken. The Name parameter is set to my-federated-user-name.

response = client.get_caller_identity(
)

print(response)

Expected Output:

{
    'Account': '123456789012',
    'Arn': 'arn:aws:sts::123456789012:federated-user/my-federated-user-name',
    'UserId': '123456789012:my-federated-user-name',
    'ResponseMetadata': {
        '...': '...',
    },
}