AWS CLI show current user

From AWS SDK, how do I get the current logged in username (or IAM user)?

Be careful with your terminology -- interactions with the AWS APIs are all over HTTP, and are sessionless and stateless, so there's not really a concept of the currently "logged in" user, or a "session."

However, for a given set of credentials, you can fetch the attributes of the "current" user (the user whose credentials you're using) from .

http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/CurrentUser.html

Apologies for the lack of an example -- I am unfamiliar with Ruby in general -- but found this based on what I knew could be done with the direct query APIs and command line client with . The available attributes are all the same: , , , , , and ... so I suspect this is what you're looking for.

From the Query API docs:

it defaults to the user making the request

answered Dec 14 '15 at 17:27

Michael - sqlbot

Source: https://stackoverflow.com/questions/34264824/from-aws-sdk-how-to-i-get-the-current-logged-in-username-or-iam-user

get-current-user

Metadata of the user.

Id -> (string)

The ID of the user.

Username -> (string)

The login name of the user.

EmailAddress -> (string)

The email address of the user.

GivenName -> (string)

The given name of the user.

Surname -> (string)

The surname of the user.

OrganizationId -> (string)

The ID of the organization.

RootFolderId -> (string)

The ID of the root folder.

RecycleBinFolderId -> (string)

The ID of the recycle bin folder.

Status -> (string)

The status of the user.

Type -> (string)

The type of user.

CreatedTimestamp -> (timestamp)

The time when the user was created.

ModifiedTimestamp -> (timestamp)

The time when the user was modified.

TimeZoneId -> (string)

The time zone ID of the user.

Locale -> (string)

The locale of the user.

Storage -> (structure)

The storage for the user.

StorageUtilizedInBytes -> (long)

The amount of storage used, in bytes.

StorageRule -> (structure)

The storage for a user.

StorageAllocatedInBytes -> (long)

The amount of storage allocated, in bytes.

StorageType -> (string)

The type of storage.

Source: https://docs.aws.amazon.com/goto/aws-cli/workdocs-2016-05-01/GetCurrentUser

describe-my-user-profile

Description

Describes a user's SSH information.

Required Permissions: To use this action, an IAM user must have self-management enabled or an attached policy that explicitly grants permissions. For more information about user permissions, see Managing User Permissions.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

Synopsis

describe-my-user-profile [--cli-input-json <value>] [--generate-cli-skeleton <value>]

Options

(string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by . If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

(string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value , prints a sample input JSON that can be used as an argument for . If provided with the value , it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Examples

To obtain a user's profile

The following example shows how to obtain the profile of the AWS Identity and Access Management (IAM) user that is running the command.

aws opsworks --region us-east-1 describe-my-user-profile

Output: For brevity, most of the user's SSH public key is replaced by an ellipsis (...).

{"UserProfile":{"IamUserArn":"arn:aws:iam::123456789012:user/myusername","SshPublicKey":"ssh-rsa AAAAB3NzaC1yc2EAAAABJQ...3LQ4aX9jpxQw== rsa-key-20141104","Name":"myusername","SshUsername":"myusername"}}

More Information

For more information, see Importing Users into AWS OpsWorks in the AWS OpsWorks User Guide.

Output

UserProfile -> (structure)

A object that describes the user's SSH information.

IamUserArn -> (string)

The user's IAM ARN.

Name -> (string)

The user's name.

SshUsername -> (string)

The user's SSH user name.

SshPublicKey -> (string)

The user's SSH public key.

Source: https://docs.aws.amazon.com/cli/latest/reference/opsworks/describe-my-user-profile.html

get-caller-identity

Options

(string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by . If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

(string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value , prints a sample input JSON that can be used as an argument for . If provided with the value , it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Examples

To get details about the current IAM identity

The following example displays information about the IAM identity used to authenticate the request. The caller is an IAM user.

aws sts get-caller-identity

Output:

{"UserId":"AIDASAMPLEUSERID","Account":"123456789012","Arn":"arn:aws:iam::123456789012:user/DevAdmin"}

Output

UserId -> (string)

The unique identifier of the calling entity. The exact value depends on the type of entity that is making the call. The values returned are those listed in the aws:userid column in the Principal table found on the Policy Variables reference page in the IAM User Guide.

Account -> (string)

The Amazon Web Services account ID number of the account that owns or contains the calling entity.

Arn -> (string)

The Amazon Web Services ARN associated with the calling entity.

Source: https://docs.aws.amazon.com/cli/latest/reference/sts/get-caller-identity.html
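
The Arn returned by get-caller-identity has a different shape for an IAM user, the account root, an assumed role and a federated user, so a script that needs "the current user" has to classify it before using the name. The following shell functions are an added example, not taken from the AWS documentation or the answer quoted above; the names classify_caller_arn and whoami_aws and all sample ARNs except the DevAdmin one are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Arn field of `aws sts get-caller-identity`.
# classify_caller_arn and whoami_aws are hypothetical helper names.

# Splits "arn:partition:service:region:account-id:resource" and prints
#   <kind> <account> <name> [<session>]
# Returns 1 when the input is not a principal ARN of a kind handled here.
classify_caller_arn() {
    local prefix partition service region account resource rest
    IFS=: read -r prefix partition service region account resource <<EOF
$1
EOF
    [ "$prefix" = "arn" ] || return 1
    [ -n "$partition" ] || return 1
    # Account IDs are exactly 12 digits.
    case "$account" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#account}" -eq 12 ] || return 1

    case "$service:$resource" in
        iam:root)
            echo "root $account root" ;;
        iam:user/?*)
            # IAM users may sit under a path (user/division/alice);
            # the user name is the final segment.
            echo "iam-user $account ${resource##*/}" ;;
        sts:assumed-role/?*/?*)
            # rest is "RoleName/SessionName"
            rest=${resource#assumed-role/}
            echo "assumed-role $account ${rest%%/*} ${rest#*/}" ;;
        sts:federated-user/?*)
            echo "federated-user $account ${resource#federated-user/}" ;;
        *)
            return 1 ;;
    esac
}

# Live use: needs configured credentials and network access.
whoami_aws() {
    classify_caller_arn "$(aws sts get-caller-identity --query Arn --output text)"
}

# Offline demonstration on constructed ARNs (placeholder account ID).
for sample in \
    "arn:aws:iam::123456789012:user/DevAdmin" \
    "arn:aws:iam::123456789012:user/division/alice" \
    "arn:aws:sts::123456789012:assumed-role/ExampleRole/example-session" \
    "arn:aws:sts::123456789012:federated-user/bob" \
    "arn:aws:iam::123456789012:root"
do
    classify_caller_arn "$sample"
done
```

Only the iam-user result corresponds to an IAM user record; for the other kinds the third field is a role or federation name, not a user name.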

apolloclark/aws cli cheatsheet.md

http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
https://www.youtube.com/watch?v=_wiGpBQGCjU

Setup

Overview

  • Virtualbox
  • Ubuntu 14.04 LTS VM, 64-bit http://releases.ubuntu.com/14.04/ubuntu-14.04.4-desktop-amd64.iso
  • create new machine, settings
    • System / Processor
    • System / Acceleration
      • Paravirtualization Interface: Default
      • Enable VT-x/AMD-V
      • Enable Nested Paging
    • Display / Screen
      • Video Memory: 128MB
      • Acceleration: Enable 3D Acceleration
  • boot
  • install

install Virtualbox Guest Additions, passwordless sudo

    echo $USER
    sudo echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers
    sudo su
    apt-get update
    apt-get install -y build-essential dkms linux-headers-$(uname -r)
    cd /media/aws-admin/
    sh ./VBoxLinuxAdditions.run
    shutdown now

install AWS CLI

    sudo apt-get install -y python-dev python-pip
    sudo pip install awscli
    aws --version
    aws configure

Bash one-liners

    cat <file>        # output a file
    tee               # split output into a file
    cut -f 2          # print the 2nd column, per line
    sed -n '5{p;q}'   # print the 5th line in a file
    sed 1d            # print all lines, except the first
    tail -n +2        # print all lines, starting on the 2nd
    head -n 5         # print the first 5 lines
    tail -n 5         # print the last 5 lines
    expand            # convert tabs to spaces (tab stops every 8 columns by default)
    unexpand -a       # convert runs of spaces to tabs
    wc                # word count
    tr ' ' \\t        # translate / convert characters to other characters
    sort              # sort data
    uniq              # show only unique entries
    paste             # combine rows of text, by line
    join              # combine rows of text, by initial column value

Cloudtrail - Logging and Auditing

http://docs.aws.amazon.com/cli/latest/reference/cloudtrail/

5 Trails total, with support for resource level permissions

    # list all trails
    aws cloudtrail describe-trails

    # list all S3 buckets
    aws s3 ls

    # create a new trail
    aws cloudtrail create-subscription \
        --name awslog \
        --s3-new-bucket awslog2016

    # list the names of all trails
    aws cloudtrail describe-trails --output text | cut -f 8

    # get the status of a trail
    aws cloudtrail get-trail-status \
        --name awslog

    # delete a trail
    aws cloudtrail delete-trail \
        --name awslog

    # delete the S3 bucket of a trail
    aws s3 rb s3://awslog2016 --force

    # add tags to a trail, up to 10 tags
    aws cloudtrail add-tags \
        --resource-id awslog \
        --tags-list "Key=log-type,Value=all"

    # list the tags of a trail
    aws cloudtrail list-tags \
        --resource-id-list

    # remove a tag from a trail
    aws cloudtrail remove-tags \
        --resource-id awslog \
        --tags-list "Key=log-type,Value=all"

IAM

Users

https://blogs.aws.amazon.com/security/post/Tx15CIT22V4J8RP/How-to-rotate-access-keys-for-IAM-users
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html

Limits = 5000 users, 100 group, 250 roles, 2 access keys / user

http://docs.aws.amazon.com/cli/latest/reference/iam/index.html

    # list all user's info
    aws iam list-users

    # list all user's usernames
    aws iam list-users --output text | cut -f 6

    # list current user's info
    aws iam get-user

    # list current user's access keys
    aws iam list-access-keys

    # create new user
    aws iam create-user \
        --user-name aws-admin2

    # create multiple new users, from a file
    allUsers=$(cat ./user-names.txt)
    for userName in $allUsers; do
        aws iam create-user \
            --user-name "$userName"
    done

    # list all users
    aws iam list-users --no-paginate

    # get a specific user's info
    aws iam get-user \
        --user-name aws-admin2

    # delete one user
    aws iam delete-user \
        --user-name aws-admin2

    # delete all users
    # allUsers=$(aws iam list-users --output text | cut -f 6);
    allUsers=$(cat ./user-names.txt)
    for userName in $allUsers; do
        aws iam delete-user \
            --user-name "$userName"
    done

Password policy

http://docs.aws.amazon.com/cli/latest/reference/iam/

    # list policy
    # http://docs.aws.amazon.com/cli/latest/reference/iam/get-account-password-policy.html
    aws iam get-account-password-policy

    # set policy
    # http://docs.aws.amazon.com/cli/latest/reference/iam/update-account-password-policy.html
    aws iam update-account-password-policy \
        --minimum-password-length 12 \
        --require-symbols \
        --require-numbers \
        --require-uppercase-characters \
        --require-lowercase-characters \
        --allow-users-to-change-password

    # delete policy
    # http://docs.aws.amazon.com/cli/latest/reference/iam/delete-account-password-policy.html
    aws iam delete-account-password-policy

Access Keys

http://docs.aws.amazon.com/cli/latest/reference/iam/

    # list all access keys
    aws iam list-access-keys

    # list access keys of a specific user
    aws iam list-access-keys \
        --user-name aws-admin2

    # create a new access key
    aws iam create-access-key \
        --user-name aws-admin2 \
        --output text | tee aws-admin2.txt

    # list last access time of an access key
    aws iam get-access-key-last-used \
        --access-key-id AKIAINA6AJZY4EXAMPLE

    # deactivate an access key
    aws iam update-access-key \
        --access-key-id AKIAI44QH8DHBEXAMPLE \
        --status Inactive \
        --user-name aws-admin2

    # delete an access key
    aws iam delete-access-key \
        --access-key-id AKIAI44QH8DHBEXAMPLE \
        --user-name aws-admin2

Groups, Policies, Managed Policies

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
http://docs.aws.amazon.com/cli/latest/reference/iam/

    # list all groups
    aws iam list-groups

    # create a group
    aws iam create-group --group-name FullAdmins

    # delete a group
    aws iam delete-group \
        --group-name FullAdmins

    # list all policies
    aws iam list-policies

    # get a specific policy
    aws iam get-policy \
        --policy-arn <value>

    # list all users, groups, and roles, for a given policy
    aws iam list-entities-for-policy \
        --policy-arn <value>

    # list policies, for a given group
    aws iam list-attached-group-policies \
        --group-name FullAdmins

    # add a policy to a group
    aws iam attach-group-policy \
        --group-name FullAdmins \
        --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

    # add a user to a group
    aws iam add-user-to-group \
        --group-name FullAdmins \
        --user-name aws-admin2

    # list users, for a given group
    aws iam get-group \
        --group-name FullAdmins

    # list groups, for a given user
    aws iam list-groups-for-user \
        --user-name aws-admin2

    # remove a user from a group
    aws iam remove-user-from-group \
        --group-name FullAdmins \
        --user-name aws-admin2

    # remove a policy from a group
    aws iam detach-group-policy \
        --group-name FullAdmins \
        --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

    # delete a group
    aws iam delete-group \
        --group-name FullAdmins

S3

https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html#cli-aws-s3api

    # list existing S3 buckets
    aws s3 ls

    # create a bucket name, using the current date timestamp
    # (bucket names allow only lowercase letters, digits, hyphens and periods, so no underscores)
    bucket_name=test-$(date "+%Y-%m-%d-%H-%M-%S")
    echo $bucket_name

    # create a public facing bucket
    aws s3api create-bucket --acl "public-read-write" --bucket $bucket_name

    # verify bucket was created
    aws s3 ls | grep $bucket_name

    # check for public facing s3 buckets (should show the bucket name you created)
    aws s3api list-buckets --query 'Buckets[*].[Name]' --output text | xargs -I {} bash -c 'if [[ $(aws s3api get-bucket-acl --bucket {} --query '"'"'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/AllUsers` && Permission==`READ`]'"'"' --output text) ]]; then echo {} ; fi'

    # check for public facing s3 buckets, update them to be private
    aws s3api list-buckets --query 'Buckets[*].[Name]' --output text | xargs -I {} bash -c 'if [[ $(aws s3api get-bucket-acl --bucket {} --query '"'"'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/AllUsers` && Permission==`READ`]'"'"' --output text) ]]; then aws s3api put-bucket-acl --acl "private" --bucket {} ; fi'

    # check for public facing s3 buckets (should be empty)
    aws s3api list-buckets --query 'Buckets[*].[Name]' --output text | xargs -I {} bash -c 'if [[ $(aws s3api get-bucket-acl --bucket {} --query '"'"'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/AllUsers` && Permission==`READ`]'"'"' --output text) ]]; then echo {} ; fi'

EC2

keypairs

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

    # list all keypairs
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-key-pairs.html
    aws ec2 describe-key-pairs

    # create a keypair
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/create-key-pair.html
    aws ec2 create-key-pair \
        --key-name <value> --output text

    # create a new local private / public keypair, using RSA 4096-bit
    ssh-keygen -t rsa -b 4096

    # import an existing keypair
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/import-key-pair.html
    aws ec2 import-key-pair \
        --key-name keyname_test \
        --public-key-material file:///home/apollo/id_rsa.pub

    # delete a keypair
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/delete-key-pair.html
    aws ec2 delete-key-pair \
        --key-name <value>

Security Groups

http://docs.aws.amazon.com/cli/latest/reference/ec2/index.html

    # list all security groups
    aws ec2 describe-security-groups

    # create a security group
    aws ec2 create-security-group \
        --vpc-id vpc-1a2b3c4d \
        --group-name web-access \
        --description "web access"

    # list details about a security group
    aws ec2 describe-security-groups \
        --group-id sg-0000000

    # open port 80, for everyone (0.0.0.0/0 is the "any address" CIDR)
    aws ec2 authorize-security-group-ingress \
        --group-id sg-0000000 \
        --protocol tcp \
        --port 80 \
        --cidr 0.0.0.0/0

    # get my public ip
    my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com); echo $my_ip

    # open port 22, just for my ip (/32 is a single address)
    aws ec2 authorize-security-group-ingress \
        --group-id sg-0000000 \
        --protocol tcp \
        --port 22 \
        --cidr $my_ip/32

    # remove a firewall rule from a group
    aws ec2 revoke-security-group-ingress \
        --group-id sg-0000000 \
        --protocol tcp \
        --port 80 \
        --cidr 0.0.0.0/0

    # delete a security group
    aws ec2 delete-security-group \
        --group-id sg-00000000

Images

https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html

    # list all private AMI's, ImageId and Name tags
    aws ec2 describe-images --filter "Name=is-public,Values=false" \
        --query 'Images[].[ImageId, Name]' \
        --output text | sort -k2

    # delete an AMI, by ImageId
    aws ec2 deregister-image --image-id ami-00000000

Instances

http://docs.aws.amazon.com/cli/latest/reference/ec2/index.html

    # list all instances (running, and not running)
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html
    aws ec2 describe-instances

    # list all instances running
    aws ec2 describe-instances --filters Name=instance-state-name,Values=running

    # create a new instance
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html
    aws ec2 run-instances \
        --image-id ami-f0e7d19a \
        --instance-type t2.micro \
        --security-group-ids sg-00000000 \
        --dry-run

    # terminate an instance (permanent; stop-instances stops it without deleting it)
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/terminate-instances.html
    aws ec2 terminate-instances \
        --instance-ids <instance_id>

    # list status of all instances
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instance-status.html
    aws ec2 describe-instance-status

    # list status of a specific instance
    aws ec2 describe-instance-status \
        --instance-ids <instance_id>

    # list all running instance, Name tag and Public IP Address
    aws ec2 describe-instances \
        --filters Name=instance-state-name,Values=running \
        --query 'Reservations[].Instances[].[PublicIpAddress, Tags[?Key==`Name`].Value | [0] ]' \
        --output text | sort -k2

Tags

    # list the tags of an instance
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/describe-tags.html
    aws ec2 describe-tags

    # add a tag to an instance
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/create-tags.html
    aws ec2 create-tags \
        --resources "ami-1a2b3c4d" \
        --tags Key=name,Value=debian

    # delete a tag on an instance
    # http://docs.aws.amazon.com/cli/latest/reference/ec2/delete-tags.html
    aws ec2 delete-tags \
        --resources "ami-1a2b3c4d" \
        --tags Key=Name,Value=

Cloudwatch

Log Groups

http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html
http://docs.aws.amazon.com/cli/latest/reference/logs/index.html#cli-aws-logs

create a group

http://docs.aws.amazon.com/cli/latest/reference/logs/create-log-group.html

    aws logs create-log-group \
        --log-group-name "DefaultGroup"

list all log groups

http://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-groups.html

    aws logs describe-log-groups

    aws logs describe-log-groups \
        --log-group-name-prefix "Default"

delete a group

http://docs.aws.amazon.com/cli/latest/reference/logs/delete-log-group.html

    aws logs delete-log-group \
        --log-group-name "DefaultGroup"

Log Streams

    # Log group names can be between 1 and 512 characters long. Allowed
    # characters include a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen),
    # '/' (forward slash), and '.' (period).

    # create a log stream
    # http://docs.aws.amazon.com/cli/latest/reference/logs/create-log-stream.html
    aws logs create-log-stream \
        --log-group-name "DefaultGroup" \
        --log-stream-name "syslog"

    # list details on a log stream (--log-group-name is the group created above)
    # http://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-streams.html
    aws logs describe-log-streams \
        --log-group-name "DefaultGroup"

    aws logs describe-log-streams \
        --log-group-name "DefaultGroup" \
        --log-stream-name-prefix "syslog"

    # delete a log stream
    # http://docs.aws.amazon.com/cli/latest/reference/logs/delete-log-stream.html
    aws logs delete-log-stream \
        --log-group-name "DefaultGroup" \
        --log-stream-name "syslog"

Cloudwatch - Monitoring

http://docs.aws.amazon.com/cli/latest/reference/cloudwatch/index.html

Source: https://gist.github.com/apolloclark/b3f60c1f68aa972d324b

get-current-user

Options

(string)

Amazon WorkDocs authentication token.

| (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by . If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with .

(string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value , prints a sample input JSON that can be used as an argument for . Similarly, if provided it will print a sample input YAML that can be used with . If provided with the value , it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Output

User -> (structure)

Metadata of the user.

Id -> (string)

Username -> (string)

The login name of the user.

EmailAddress -> (string)

The email address of the user.

GivenName -> (string)

The given name of the user.

Surname -> (string)

OrganizationId -> (string)

The ID of the organization.

RootFolderId -> (string)

The ID of the root folder.

RecycleBinFolderId -> (string)

The ID of the recycle bin folder.

Status -> (string)

Type -> (string)

CreatedTimestamp -> (timestamp)

The time when the user was created.

ModifiedTimestamp -> (timestamp)

The time when the user was modified.

TimeZoneId -> (string)

The time zone ID of the user.

Locale -> (string)

Storage -> (structure)

The storage for the user.

StorageUtilizedInBytes -> (long)

The amount of storage used, in bytes.

StorageRule -> (structure)

The storage for a user.

StorageAllocatedInBytes -> (long)

The amount of storage allocated, in bytes.

StorageType -> (string)

Source: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/workdocs/get-current-user.html

get-user

A structure containing details about the IAM user.

Warning

Due to a service issue, password last used data does not include password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by this operation. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3, 2018. For users that signed in after May 23, 2018 14:08 PDT, the returned password last used date is accurate.

You can use password last used information to identify unused credentials for deletion. For example, you might delete users who did not sign in to Amazon Web Services in the last 90 days. In cases like this, we recommend that you adjust your evaluation window to include dates after May 23, 2018. Alternatively, if your users use access keys to access Amazon Web Services programmatically you can refer to access key last used information because it is accurate for all dates.

Path -> (string)

The path to the user. For more information about paths, see IAM identifiers in the IAM User Guide.

The ARN of the policy used to set the permissions boundary for the user.

UserName -> (string)

The friendly name identifying the user.

UserId -> (string)

The stable and unique string identifying the user. For more information about IDs, see IAM identifiers in the IAM User Guide.

Arn -> (string)

The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the IAM User Guide.

CreateDate -> (timestamp)

The date and time, in ISO 8601 date-time format, when the user was created.

PasswordLastUsed -> (timestamp)

The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user's last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:

  • The user never had a password.
  • A password exists but has not been used since IAM started tracking this information on October 20, 2014.

A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.

This value is returned only in the GetUser and ListUsers operations.

PermissionsBoundary -> (structure)

For more information about permissions boundaries, see Permissions boundaries for IAM identities in the IAM User Guide.

PermissionsBoundaryType -> (string)

The permissions boundary usage type that indicates what type of IAM resource is used as the permissions boundary for an entity. This data type can only have a value of .

PermissionsBoundaryArn -> (string)

The ARN of the policy used to set the permissions boundary for the user or role.

Tags -> (list)

A list of tags that are associated with the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

(structure)

A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

Key -> (string)

The key name that can be used to look up or retrieve the associated value. For example, or are common choices.

Value -> (string)

The value associated with this tag. For example, tags with a key name of could have values such as , , and . Tags with a key name of might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.

Note

Amazon Web Services always interprets the tag as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.

Source: https://docs.aws.amazon.com/cli/latest/reference/iam/get-user.html
