The highest tagged major version is v2.

aws-whoami-golang

command module

v0.0.0-...-a6c1e30 Latest Latest Go to latest Published: Feb 21, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/benkehoe/aws-whoami-golang

README ¶

aws-whoami

Find what AWS account and identity you're using

⚠ This is the successor to the python implementation as a CLI tool. The other is still useful as a Python library.

You should know about aws sts get-caller-identity, which sensibly returns the identity of the caller. But even with --output table, I find this a bit lacking. That ARN is a lot to visually parse, it doesn't tell you what region your credentials are configured for, and I am not very good at remembering AWS account numbers. aws-whoami makes it better.

$ aws-whoami
Account:         123456789012
                 my-account-alias
Region:          us-east-2
AssumedRole:     MY-ROLE
RoleSessionName: ben
UserId:          SOMEOPAQUEID:ben
Arn:             arn:aws:sts::123456789012:assumed-role/MY-ROLE/ben

Note: if you don't have permissions to iam:ListAccountAliases, your account alias won't appear. See below for disabling this check if getting a permission denied on this call raises flags in your organization.

Install

Download the latest release for your platform.

Options

aws-whoami uses the AWS Go SDK v2, so it'll pick up your credentials in the normal ways, including with the --profile parameter.

If you'd like the output as a JSON object, use the --json flag. See below for field names.

Use --version to output the version.

Account alias checking

By default, aws-whoami calls iam.ListAccountAliases to find the account name, if set. If you don't have access to this API, it swallows that error. In general this is fine, but if it causes trouble (e.g., raising security alerts in your organization), you can disable it.

To fully disable account alias checking, set the environment variable AWS_WHOAMI_DISABLE_ACCOUNT_ALIAS to true. To selectively disable it, you can also set it to a comma-separated list of values that will be matched against the following:

The beginning or end of the account number
The principal Name or ARN
The role session name

JSON output

The JSON object that is printed when using the --json flag always includes the following fields:

Account
AccountAliases (NOTE: this is a list)
Arn
Type
Name
RoleSessionName
UserId
Region
SSOPermissionSet

Type, Name, and RoleSessionName (and SSOPermissionSet) are split from the ARN for convenience. RoleSessionName is null for IAM users.

SSOPermissionSet is set if the assumed role name conforms to the format AWSReservedSSO_{permission-set}_{random-tag}, otherwise it is null.

Note that the AccountAliases field is an empty list when account alias checking is disabled, not null.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
aws-whoami module

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL