Finding an AWS IAM user via User Id
2021-07-15
In the previous blog post I talked about an AWS IAM User ID that I found in an AWS S3 bucket policy. This is a little follow-up on that.
AWS IAM User IDs always start with AIDA and are 21 characters long:
So if you have one of these, you probably want to figure out which IAM user it belongs to. For AWS Access Keys, which look very similar, this is easy: just search for the key in the AWS IAM web interface. Unfortunately, it seems that you can’t search by User ID in that same interface.
So how do you figure out which user has the given IAM User ID?
An easy way to do that is to use the iam list-users command in the AWS CLI:
aws iam list-users
If there’s a lot of output, you’ll be put into less, where you can search for the User ID by pressing “/”, typing in the User ID and pressing Enter.
If you have jq installed you can do:
aws iam list-users | jq '.Users[] | select(.UserId == "AIDAXXXXXXXXXXXXXXXXX")'
to get the user you’re looking for.
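The same lookup as a small script, added here as an example and not part of the original post: it first checks that the identifier really is a user ID (access keys look similar), then searches saved `aws iam list-users` output. The function names, the sample JSON and the assumed character set of the ID are constructed for illustration.

```python
import json
import re

# Four-letter prefixes from AWS's IAM "unique identifiers" documentation (subset).
PREFIXES = {"AIDA": "IAM user", "AROA": "IAM role", "AGPA": "IAM group",
            "AKIA": "access key", "ASIA": "temporary access key"}

# The post: user IDs start with AIDA and are 21 characters long.
# Assumption: the remaining 17 characters are upper-case letters or digits.
USER_ID_RE = re.compile(r"AIDA[A-Z0-9]{17}")

# Constructed sample in the shape of `aws iam list-users` output.
SAMPLE = """
{"Users": [
  {"Path": "/", "UserName": "alice", "UserId": "AIDAEXAMPLEEXAMPLE001",
   "Arn": "arn:aws:iam::123456789012:user/alice",
   "CreateDate": "2020-01-01T00:00:00+00:00"},
  {"Path": "/service/", "UserName": "bob", "UserId": "AIDAEXAMPLEEXAMPLE002",
   "Arn": "arn:aws:iam::123456789012:user/service/bob",
   "CreateDate": "2021-03-04T00:00:00+00:00"}
]}
"""


def classify(unique_id):
    """Return the entity type implied by the ID's four-letter prefix."""
    return PREFIXES.get(unique_id[:4], "unknown")


def find_user(list_users_json, user_id):
    """Return the user record with this UserId, or None if no user has it."""
    user_id = user_id.strip()  # IDs pasted from a policy often carry whitespace
    if not USER_ID_RE.fullmatch(user_id):
        raise ValueError(
            f"{user_id!r} is not an IAM user ID (prefix suggests: {classify(user_id)})")
    users = json.loads(list_users_json).get("Users", [])
    matches = [u for u in users if u.get("UserId") == user_id]
    return matches[0] if matches else None


if __name__ == "__main__":
    hit = find_user(SAMPLE, "AIDAEXAMPLEEXAMPLE002")
    print(hit["UserName"], hit["Arn"])
    # None: no user in this listing currently has that ID.
    print(find_user(SAMPLE, "AIDAEXAMPLEEXAMPLE999"))
```

To use it on real data, save the CLI output with `aws iam list-users > users.json` and pass the file's contents as the first argument.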