Find role being used on server from AWS CLI

amazon-web-services amazon-iam
ryantuck picture ryantuck · Nov 15, 2017 · Viewed 14.6k times · Source

I'm on an EC2 instance that has an IAM role attached to it, and would like to be able to verify that I am indeed using this role from the AWS CLI.

I'm imagining being able to call something like this (but can't find anything like it in the CLI docs):

$ aws get-current-role-details

Does this functionality exist?

Answer

Tyrone321 picture Tyrone321 · Aug 29, 2018

See the AWS STS command get-caller-identity.

Returns details about the IAM identity whose credentials are used to call the API.

$ aws sts get-caller-identity
{
    "Account": "0123456789",
    "UserId": "AROAxxx:i-abc123",
    "Arn": "arn:aws:sts::0123456789:assumed-role/EMR_EC2_DefaultRole/i-abc123"
}

You can then take the role name, and query IAM for the role details.

$ aws iam list-attached-role-policies --role-name EMR_EC2_DefaultRole
{
    "AttachedPolicies": [
        {
            "PolicyName": "AmazonElasticMapReduceforEC2Role",
            "PolicyArn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role"
        },
        {
            "PolicyName": "AmazonEC2RoleforDataPipelineRole",
            "PolicyArn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole"
        }
    ]
}

Related questions

How can I resolve the error "The security token included in the request is invalid" when running aws iam upload-server-certificate?

I cd into the directory where all the pem/key files are and run the following: aws iam upload-server-certificate --server-certificate-name certificate_name --certificate-body file://webservercertificate.pem --private-key file://server.key --certificate-chain file://certificate_chain_file.pem I get the following …

Read More
AccessDeniedException: User is not authorized to perform: lambda:InvokeFunction

I'm trying to invoke a lambda function from node. var aws = require('aws-sdk'); var lambda = new aws.Lambda({ accessKeyId: 'id', secretAccessKey: 'key', region: 'us-west-2' }); lambda.invoke({ FunctionName: 'test1', Payload: JSON.stringify({ key1: 'Arjun', key2: 'kom', key3: 'ath' }) }, function(…

Read More
Proper access policy for Amazon Elastic Search Cluster

I've recently started using the new Amazon Elasticsearch Service and I can't seem to figure out the access policy I need so that I can only access the services from my EC2 instances that have a specific IAM role assigned …

Read More