Finding AWS account names

Posted: | Tags: cloud aws

If you’ve worked with AWS thorugh the CLI, you’ll be familair with aws sts get-caller-identity, essentially the whoami and uname of the cloud. While working with one or more accounts, getting the caller identity allows you to identify what role or user you are authenticated as and on which AWS account. There’s only one thing that I miss while using the API call, a human-readable account name.

There are two types of names AWS has per account, the first which is set when creating the account itself, and the second which is the IAM alias, which is also visible when using multiple sessions in the console.

The account name can be easily queried from the CLI using get-account-information. This returns the account ID and the name.

> aws account get-account-information
{
    "AccountCreatedDate": "2025-10-02T14:04:10+00:00",
    "AccountId": "111111111111",
    "AccountName": "PeskyPublicAccount"
}

The alias can also be queried through the CLI, but using list-account-aliases, this only returns the alias.

> aws iam list-account-aliases
{
    "AccountAliases": [
    "PeskyPublicAccountAlias"
    ]
}

Both do not provide any information on the user or role generating the request. I’d like a single way to identify who I am and in what what account I’m in. Instead of sending out two requests, I’ve decided to maintain my own account name list, and have done so for a while. I have ~/.aws/account.txt which contains a list of account IDs and names separated by a space.

For example:

111111111111 PeskyPublicAccount
222222222222 PeskyPrivateAccount

This can then be parsed using a bash script, get-caller-identity.sh, which I’ve added to my path.

#!/bin/bash
output=$(aws sts get-caller-identity)
account=$(echo "$output" | jq -r .Account)
name=$(echo "$account" | awk 'NR==FNR{key=$0; next} $1==key{print $2}' - ~/.aws/accounts.txt)
echo "$output" | jq --arg name "$name" '. + {AccountName: $name}'

So, when I’m working on an AWS account and quickly want to verify where and who I am, I can run get-caller-identity.sh which responds with:

❯ get-caller-identity.sh 
{
  "UserId": "AIDASAMPLEUSERID",
  "Account": "111111111111",
  "Arn": "arn:aws:iam::111111111111:user/DevAdmin",
  "AccountName": "PeskyPublicAccount"
}

While having the downside of being manually created and tended to, I can set whatever account names I’d like without having to rely on the ones set by my team, which is usually the case.


Related ramblings