how to get aws account number /id based on EC2 instance which is hosted in amazons

Question

how to get aws account number /id based on EC2 instance ip which is hosted in amazon i have a instance name CTI server it is hosted in one AWS account. I have the details of CTI server like private ip and hosts and able to do ssh this instance through putty .I want the AWS account number /aws account ID of where this instance is created . is their any command to find out account number without login into aws console

Answer 1

Nobody included the required token for the curl command to actually work. I dug it up in the docs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html

What you actually need to run is the following:

TOKEN="$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")"

Then:

curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document

Answer 2

The following will give you AWS Account ID:

curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/02:a2:1f:d5:fe:0f/owner-id

Answer 3

This information is available in the dynamic Instance Metadata. It can be extracted in a number of different ways.

jq

The jq JSON parser is the best method currently available, and it comes pre-installed on the AWS Linux AMIs.

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .accountId

Most other methods I found online tended to make a long chain of process calls like grep | sed | awk etc. which is less than ideal. So I explored some alternatives trying to limit the parsing to just one extra process.

sed

The best alternative I could come up with, using only a single pipe, was with sed and extended regular expressions. Plus, unlike the other solutions, this can even handle the (contrived) scenario of (escaped) double quotes in the middle of an accountId:

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | sed -nE 's/.*"accountId"\s*:\s*"(.*)".*/\1/p'

Or, slightly less readable with plain BRE:

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | sed -n 's/.*"accountId"\s*:\s*"\(.*\)".*/\1/p'

grep

grep is an option, but requires GNU grep with PCRE support:

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep -oP '"accountId"\s*:\s*"\K[^"]+'

grep | cut

This more portable alternative requires an extra step (if avoiding heavier tools like awk), but is also more straightforward and easier to understand:

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep '"region"' | cut -d\" -f4

The grep output looks like this:

  "region" : "us-east-1"

Then cut will split on double quotes and pick the fourth field.

awk

I try to avoid using awk for simple uses like this, but it can obviously do the above in one step. It may sometimes be the only available option (e.g busybox):

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | awk -F'"' '/"accountId"/ { print $4 }'

Answer 4

Without jq you can use this one.

curl http://169.254.169.254/latest/dynamic/instance-identity/document|grep accountId| awk '{print $3}'|sed  's/"//g'|sed 's/,//g'

Answer 5

Here is a solution with use of metadata without jq

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | sed '2q;d' |cut -d : -f2 | awk -F\" '{print $2}'

Answer 6

You can obtain the account number from within an EC2 instance by querying the instance metadata. The metadata is located in http://169.254.169.254/latest/dynamic/instance-identity/document.

If an IAM role is attached to the instance, you can retrieve it using:

aws sts get-caller-identity