Skip to content

Latest commit

 

History

History
59 lines (37 loc) · 2.84 KB

README.md

File metadata and controls

59 lines (37 loc) · 2.84 KB

Determine AWS Account ID from AWS Access Key ID

Decodes the AWS account ID given an AWS access key ID (with a four-letter resource identifier beginning with "A"; this does not work for older key IDs beginning with "I" or "J").

This is a small, single-file library with no dependencies outside std. Only two functions are exported / public (there is an example of each below).

Usage

This can be installed as a crate via cargo.

cargo add aws_account_id_from_key_id

Once added as a dependency to a project, you can use it like so:

use aws_account_id_from_key_id::*;

fn main() {
    let access_key_id = "AKIASP2TPHJSQH3FJXYZ";

    // Decode AWS account ID given AWS access key ID
    assert_eq!(get_aws_account_id(&access_key_id).unwrap(), "171436882533");
    
    // Get associated AWS resource type given AWS access key ID
    assert_eq!(get_associated_resource_type(&access_key_id).unwrap(), "Access key");
}

Rationale

Isn't there a better way to do this?

Yes, use the AWS Security Token Service (STS) API call GetAccessKeyInfo. Example:

aws sts get-access-key-info --access-key-id=<key-id-goes-here>

Why write this when perfectly-good Python and Go implementations already exist?

I mainly wrote this as a Rust programming language learning exercise. I'm open to feedback both to learn more about Rust and better ways to implement this as well as to fix any bugs / logic errors in the code.

References / Credit

This is primarily based on the research and Python PoC code by Tal Be'ery.

License

This project is released open source under the MIT License.