Article by Nick Frichette
[Deprecated] Whoami - Get Principal Name From Keys
sns publish
Warning
As of Q4 2023 these calls can optionally be tracked in CloudTrail by enabling dataplane logging. While this will not be enabled for the overwhelming majority of AWS accounts, there is no reason to risk it when there are other methods available.
sns:Publish would return the ARN of the calling user/role in its error message without logging to CloudTrail. To use this method, you had to provide a valid AWS account ID in the API call. This could be your own account ID, or the account ID of anyone else.
user@host:~$ aws sns publish --topic-arn arn:aws:sns:us-east-1:*account id*:aaa --message aaa
An error occurred (AuthorizationError) when calling the Publish operation: User: arn:aws:iam::123456789123:user/no-perm is not authorized to perform: SNS:Publish on resource: arn:aws:sns:us-east-1:*account id*:aaa because no resource-based policy allows the SNS:Publish action
sdb list-domains
Warning
As of August 15, 2020 these calls are now tracked in CloudTrail (tweet). This page is maintained for historical and inspiration purposes.
As found by Spencer Gietzen, the API call for sdb list-domains will return very similar information to get-caller-identity.
user@host:$ aws sdb list-domains --region us-east-1
An error occurred (AuthorizationFailure) when calling the ListDomains operation: User (arn:aws:sts::123456789012:assumed-role/example_role/i-00000000000000000) does not have permission to perform (sdb:ListDomains) on resource (arn:aws:sdb:us-east-1:123456789012:domain/). Contact account owner.
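Since both calls can now appear in CloudTrail, a defender can hunt for them. The following is an added example, not code from the original article: it scans CloudTrail-style records for denied sns:Publish and sdb:ListDomains calls and flags a publish aimed at a topic in another account. The sample records and their errorCode values are constructed, and the use of requestParameters.topicArn for the target topic is an assumption.

```python
import json

# (eventSource, eventName) pairs for the two calls discussed on this page.
WATCHED = {("sns.amazonaws.com", "Publish"), ("sdb.amazonaws.com", "ListDomains")}

def account_of(arn):
    """Account ID field of an ARN, or None if the string is not ARN-shaped."""
    parts = (arn or "").split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def find_identity_probes(records):
    """Return one finding per denied call to a watched API."""
    findings = []
    for rec in records:
        if (rec.get("eventSource"), rec.get("eventName")) not in WATCHED:
            continue
        if not rec.get("errorCode"):
            continue  # the ARN is disclosed in the error, so only failed calls matter
        ident = rec.get("userIdentity") or {}
        # Assumption: the target topic is logged as requestParameters.topicArn.
        topic = (rec.get("requestParameters") or {}).get("topicArn")
        topic_acct = account_of(topic)
        findings.append({
            "principal": ident.get("arn"),
            "call": rec["eventName"],
            "source_ip": rec.get("sourceIPAddress"),
            # A topic in someone else's account matches the "any account ID" usage.
            "foreign_target": topic_acct is not None and topic_acct != ident.get("accountId"),
        })
    return findings

# Constructed sample records (not real CloudTrail output).
SAMPLE = json.loads("""[
 {"eventSource": "sns.amazonaws.com", "eventName": "Publish", "errorCode": "AccessDenied",
  "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"arn": "arn:aws:iam::123456789123:user/no-perm", "accountId": "123456789123"},
  "requestParameters": {"topicArn": "arn:aws:sns:us-east-1:111111111111:aaa"}},
 {"eventSource": "sdb.amazonaws.com", "eventName": "ListDomains", "errorCode": "AccessDenied",
  "sourceIPAddress": "198.51.100.7", "requestParameters": null,
  "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/example_role/i-00000000000000000",
                   "accountId": "123456789012"}},
 {"eventSource": "sns.amazonaws.com", "eventName": "Publish", "sourceIPAddress": "10.0.0.5",
  "userIdentity": {"arn": "arn:aws:iam::123456789123:user/app", "accountId": "123456789123"},
  "requestParameters": {"topicArn": "arn:aws:sns:us-east-1:123456789123:orders"}},
 {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets", "errorCode": "AccessDenied",
  "userIdentity": {"arn": "arn:aws:iam::123456789123:user/no-perm", "accountId": "123456789123"}}
]""")

if __name__ == "__main__":
    for finding in find_identity_probes(SAMPLE):
        print(finding)
```

A principal that has never used SNS or SimpleDB and suddenly produces one of these findings is the case worth triaging first.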