2 releases
0.8.2 | Feb 26, 2024 |
---|---|
0.8.1 | Feb 26, 2024 |
#1139 in Encoding
25 downloads per month
12KB
94 lines
Determine AWS Account ID from AWS Access Key ID
Decodes the AWS account ID given an AWS access key ID (with a four-letter resource identifier beginning with "A"; this does not work for older key IDs beginning with "I" or "J").
This is a small, single-file library with no dependencies outside std
. Only two functions are exported / public
(there is an example of each below).
Usage
This can be installed as a crate via cargo
.
cargo add aws_account_id_from_key_id
Once added as a dependency to a project, you can use it like so:
use aws_account_id_from_key_id::*;
fn main() {
let access_key_id = "AKIASP2TPHJSQH3FJXYZ";
// Decode AWS account ID given AWS access key ID
assert_eq!(get_aws_account_id(&access_key_id).unwrap(), "171436882533");
// Get associated AWS resource type given AWS access key ID
assert_eq!(get_associated_resource_type(&access_key_id).unwrap(), "Access key");
}
Rationale
Isn't there a better way to do this?
Yes, use the AWS Security Token Service (STS) API call GetAccessKeyInfo
. Example:
aws sts get-access-key-info --access-key-id=<key-id-goes-here>
Why write this when perfectly-good Python and Go implementations already exist?
I mainly wrote this as a Rust programming language learning exercise. I'm open to feedback both to learn more about Rust and better ways to implement this as well as to fix any bugs / logic errors in the code.
References / Credit
This is primarily based on the research and Python PoC code by Tal Be'ery.
- A short note on AWS KEY ID
- AWS Access Key ID formats
- AWS security credential formats
- Get Account ID from AWS Access Keys
- Research Uncovers AWS Account Numbers Hidden in Access Keys
- TruffleHog AWS Detector Code
- Understanding unique ID prefixes
License
This project is released open source under the MIT License.