Find the owner of an AWS Access Key
Reverse lookup in web console
It's easy to miss that you can do a reverse lookup to find the user who owns a certain key.
https://console.aws.amazon.com/iam/home?region=us-east-1#/users
If you don't have access to your account's primary access key, but you do have an access key with sufficient access to IAM, you can enumerate all the users in the account and then list the access keys for each of them. For example:
    # List every IAM user, then print the access keys that belong to each one
    for user in $(aws iam list-users --query 'Users[].UserName' --output text); do
        aws iam list-access-keys --user-name "$user" --output text
    done
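The loop above prints every key in the account. As an added example (not part of the original post), the function below narrows it to a true reverse lookup: given one access key ID, it prints the owning user and stops at the first match. The function name find_key_owner and its exit codes are choices made for this example, and it assumes the calling credentials have iam:ListUsers and iam:ListAccessKeys.

```shell
#!/bin/sh
# Added example: map an access key ID back to the IAM user that owns it.
# find_key_owner is a hypothetical helper name, not an AWS CLI command.

# find_key_owner ACCESS_KEY_ID
# Prints "UserName<TAB>Status<TAB>CreateDate" for the owning user.
# Returns 0 if found, 1 if no user in this account owns the key,
# 2 on bad input or when an AWS CLI call fails.
find_key_owner() {
    key_id=$1

    # Accept only letters and digits, so the value cannot alter the
    # JMESPath expression it is embedded in below.
    case $key_id in
        ''|*[!A-Za-z0-9]*)
            echo "usage: find_key_owner ACCESS_KEY_ID" >&2
            return 2 ;;
    esac

    # IAM user names cannot contain whitespace, so word splitting is safe.
    users=$(aws iam list-users --query 'Users[].UserName' --output text) || return 2

    for user in $users; do
        # Filter server output down to the one key we care about.
        match=$(aws iam list-access-keys --user-name "$user" \
            --query "AccessKeyMetadata[?AccessKeyId=='$key_id'].[UserName,Status,CreateDate]" \
            --output text) || return 2
        if [ -n "$match" ]; then
            printf '%s\n' "$match"
            return 0
        fi
    done

    # Not found: the key belongs to another account, to the root user,
    # or is a temporary credential rather than an IAM user key.
    return 1
}
```

Call it as `find_key_owner <access-key-id>`; the Status column shows whether the key is still Active, which matters when the lookup is part of triaging a leaked key.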
If you just want to find the owner of an Access Key ID, a more straightforward trick is to use the AWS CLI with the key ID and secret key to call any AWS service. If the key is not authorized for that call, the AWS CLI returns an AccessDenied error that contains the full owner details of the access key, as shown below:
    $ aws iam get-user
    An error occurred (AccessDenied) when calling the GetUser operation:
    User: arn:aws:iam::xxxxxxx:user/xxxx is not authorized to perform:
    iam:GetUser on resource: user xxxxx
The error message gives you the account ID and the user name.
If the user has permission to access IAM, you will get the full details of the user as below:
    {
        "User": {
            "Path": "/",
            "UserName": "xxx",
            "UserId": "xxx",
            "Arn": "arn:aws:iam::75xxx:user/xxx",
            "CreateDate": "2019-09-10T07:10:26+00:00",
            "PasswordLastUsed": "2020-05-26T07:51:50+00:00"
        }
    }
Update
AWS now provides a command for this:
    $ aws sts get-caller-identity
    {
        "UserId": "AIDASYJLxxxxx",
        "Account": "18xxxxxxxxxx",
        "Arn": "arn:aws:iam::18xxxxxxxxx:user/xxxxxxx"
    }