从AWS开发工具包,如何获取当前登录的用户名(或IAM用户)? [英] From AWS SDK, how to I get the current logged in username (or IAM user)?
问题描述
我正在使用Ruby SDK(V2),但我想我的问题比特定的实现更笼统,因为我在任何一个SDK中都找不到答案.
I'm using the Ruby SDK (V2), but I guess my question is more general than the specific implementation as I couldn't find an answer in any of the SDKs.
如何获取会话当前所属的用户名(和/或IAM用户)?
How do I get the username (and/or IAM user) that my session currently belongs to?
我让SDK运行其默认行为以选择凭据(ENV vars,然后是默认"配置文件,如果指定了其他,然后是其他角色,然后是机器角色).然后,我初始化客户端并运行命令.我想知道谁在运行命令".我希望获得AWS用户名,并且如果所选择的凭据是其中的IAM用户,那么该用户名也是如此.
I let the SDK run its default behaviour for choosing credentials (ENV vars, then 'default' profile or other if specified and then machine role). Then I initialize my client and run commands. I'd like to know 'who is running the commands'. I expect to get the AWS username and if the chosen credentials were of an IAM user in it, then this username too.
有什么想法吗?
到目前为止,我得到的最好的结果是,在构建Client对象之后,我可以查询它的实际config并获取Credentials.但这只会告诉我选择了哪些凭据(即SharedCredentials profile='default'与Credentials key=.. secret=..),而没有告诉我背后的用户名是谁.
Any ideas?
The best I got so far was that after I build a Client object, I can query it's actual config and get Credentials. But that only gives me what credentials were chosen (i.e. SharedCredentials profile='default' vs. Credentials key=.. secret=..) and doesn't tell me who is the username behind it.
非常感谢!
推荐答案
请注意您的术语-与AWS API的交互都是通过HTTP进行的,并且是无会话的和无状态的,因此当前并没有真正的概念.登录"用户或会话".
Be careful with your terminology -- interactions with the AWS APIs are all over HTTP, and are sessionless and stateless, so there's not really a concept of the currently "logged in" user, or a "session."
但是,对于给定的一组凭据,您可以从Aws::IAM::CurrentUser获取当前"用户(正在使用其凭据的用户)的属性.
However, for a given set of credentials, you can fetch the attributes of the "current" user (the user whose credentials you're using) from Aws::IAM::CurrentUser.
http://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/CurrentUser.html
缺少示例的道歉-我通常不熟悉Ruby-但基于我知道的直接查询API和带有aws iam get-user的命令行客户端可以完成的工作,发现了这一点.可用的属性都是相同的:user_name,password_last_used,create_date,user_id,path和arn ...,所以我怀疑这就是您要查找的内容.
Apologies for the lack of an example -- I am unfamiliar with Ruby in general -- but found this based on what I knew could be done with the direct query APIs and command line client with aws iam get-user. The available attributes are all the same: user_name, password_last_used, create_date, user_id, path, and arn... so I suspect this is what you're looking for.
从查询API文档:
默认为发出请求的用户
it defaults to the user making the request
这篇关于从AWS开发工具包,如何获取当前登录的用户名(或IAM用户)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
