user2185573

Programmatically get Account Id from lambda context arn

I have access to

com.amazonaws.services.lambda.runtime.Context;

object and by extension the invoked function Arn. The arn contains the account Id where the lambda resides.

My question is simple, I want the cleanest way to extract the account Id from that.

I was taking a look at

com.amazon.arn.ARN;

It has a whole bunch of stuff, but no account ID (which I presume is due to the fact that not all ARNs have account IDs?)

I want to cleanly extract the account Id, without resorting to parsing the string.

Upvotes: 18

Views: 38702

Answers (5)

ShamSuf

Reputation: 1089

I would get the Account id from the context parameter in the following way.

ACCOUNT_ID = context.invoked_function_arn.split(":")[4]

AWS doc referring to the context parameter: https://docs.aws.amazon.com/lambda/latest/dg/python-context.html

Upvotes: 8

Stéphane Bruckert

Reputation: 22933

golang

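import (
    "context"
    "errors"
    "strings"

    "github.com/aws/aws-lambda-go/lambdacontext"
)

func Handler(ctx context.Context) error {
    lc, ok := lambdacontext.FromContext(ctx)
    if !ok {
        return errors.New("could not get lambda context")
    }
    // The account ID is the 5th colon-separated field of the ARN.
    awsAccountID := strings.Split(lc.InvokedFunctionArn, ":")[4]
    _ = awsAccountID // use the account ID here
    return nil
}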

Upvotes: 1

Jimson James

Reputation: 3327

You no longer need to parse the ARN anymore; the STS library has introduced get_caller_identity for this purpose. It's overkill, but it works!

Excerpts from AWS docs.

python

import boto3

client = boto3.client('sts')
response = client.get_caller_identity()['Account']

js

/* This example shows a request and response made with the credentials for a user named Alice in the AWS account 123456789012. */

 var AWS = require('aws-sdk'); // AWS SDK for JavaScript v2
 var sts = new AWS.STS();      // STS service client

 var params = {
 };
 sts.getCallerIdentity(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else     console.log(data);           // successful response
   /*
   data = {
    Account: "123456789012", 
    Arn: "arn:aws:iam::123456789012:user/Alice", 
    UserId: "AKIAI44QH8DHBEXAMPLE"
   }
   */
 });

More details here & here

Upvotes: 13

ricsto

Reputation: 59

I use this:

ACCID:  { "Fn::Join" : ["", [{ "Ref" : "AWS::AccountId" }, "" ]] }

Upvotes: 2

Nicholas Sizer

Reputation: 3550

If your lambda is being used as an API Gateway proxy lambda, then you have access to event.requestContext.accountId (where event is the first parameter to your handler function).

Otherwise, you will have to split the ARN up.

From the AWS documentation about ARN formats, here are the valid Lambda ARN formats:

arn:aws:lambda:region:account-id:function:function-name

arn:aws:lambda:region:account-id:function:function-name:alias-name

arn:aws:lambda:region:account-id:function:function-name:version

arn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id

In all cases, account-id is the 5th item in the ARN (treating : as a separator). Therefore, you can just do this:

String accountId = arn.split(":")[4];

Upvotes: 26
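Added example, not part of any answer above: a Java helper that takes the 5th field as the answers do, but first checks that the string has one of the Lambda ARN shapes listed above and that the field is a 12-digit account ID, so a malformed value is rejected instead of being used in an account comparison. The class name, method name and sample ARNs are constructed for illustration.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;

public class LambdaArnAccountId {
    // AWS account IDs are exactly 12 decimal digits.
    private static final Pattern ACCOUNT_ID = Pattern.compile("[0-9]{12}");

    /**
     * Returns the account ID from a Lambda ARN, or empty if the string does
     * not match one of the Lambda ARN shapes listed in the answer above.
     * Hypothetical helper; the partition field is not checked.
     */
    static Optional<String> accountIdFromLambdaArn(String arn) {
        if (arn == null) {
            return Optional.empty();
        }
        // A limit of -1 keeps trailing empty fields instead of dropping them.
        String[] f = arn.split(":", -1);
        // arn:partition:lambda:region:account-id:resource-type:name[:qualifier]
        if (f.length < 7 || f.length > 8) {
            return Optional.empty();
        }
        if (!f[0].equals("arn") || !f[2].equals("lambda")) {
            return Optional.empty();
        }
        if (!ACCOUNT_ID.matcher(f[4]).matches()) {
            return Optional.empty();
        }
        return Optional.of(f[4]);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; 123456789012 is a placeholder account ID.
        List<String> samples = List.of(
            "arn:aws:lambda:us-east-1:123456789012:function:my-fn",
            "arn:aws:lambda:us-east-1:123456789012:function:my-fn:prod",
            "arn:aws:lambda:us-east-1::function:my-fn",              // empty account field
            "arn:aws:s3:::some-bucket",                              // not a Lambda ARN
            "arn:aws:lambda:us-east-1:12345678901x:function:my-fn",  // non-digit in account field
            "not-an-arn");
        for (String s : samples) {
            System.out.println(s + " -> " + accountIdFromLambdaArn(s).orElse("<rejected>"));
        }
    }
}
```

In a handler, the input would be `context.getInvokedFunctionArn()` from the `Context` object mentioned in the question.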
