Article by Phil Massyn
Enumerate AWS Account ID from an EC2 Instance
With shell or command line access to an EC2 instance, you will be able to determine some key information about the AWS account.
get-caller-identity¶
By using get-caller-identity, the EC2 instance may have an EC2 instance profile setup.
user@host:$ aws sts get-caller-identity
{
"Account": "000000000000",
"UserId": "AROAJIWIJQ5KCHMJX4EWI:i-00000000000000000",
"Arn": "arn:aws:sts::000000000000:assumed-role/AmazonLightsailInstanceRole/i-00000000000000000"
}
Metadata¶
By using the metadata service, you will be able to retrieve additional information about the account, and more specifically for the EC2 instance being used.
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`
curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document
{
"accountId" : "000000000000",
"architecture" : "x86_64",
"availabilityZone" : "ap-southeast-2a",
"billingProducts" : null,
"devpayProductCodes" : null,
"marketplaceProductCodes" : null,
"imageId" : "ami-042c4533fa25c105a",
"instanceId" : "i-00000000000000000",
"instanceType" : "t2.nano",
"kernelId" : null,
"pendingTime" : "2022-02-27T22:34:30Z",
"privateIp" : "172.26.6.225",
"ramdiskId" : null,
"region" : "ap-southeast-2",
"version" : "2017-09-30"
}