To maintain security, AWS Account IDs should be handled carefully, even though they are not deemed confidential. While they are not secrets, they can lead to exposure of sensitive resources or data.
Last updated
Was this helpful?
While account IDs, like any identifying information, should be used and shared carefully, they are not considered secret, sensitive, or confidential information.
Knowing an AWS Account ID can lead to discovering information that could be used to compromise an account. For example, knowing the AWS Account ID lets us find public resources (e.g., EBS or RDS snapshots, AMIs, etc.) that could contain credentials or other sensitive information.
With valid AWS Access Keys, we can use an AWS CLI command
With just a valid AWS Access Key ID, we can use an AWS CLI command
You must have valid access keys configured for this to work (aws configure) but then, you can find the AWS Account ID with any valid Access Key ID
The bucket must be public or otherwise accessible by the IAM Role used
This method requires code execution on the target EC2 as IMDS is a local service
Knowing the name of an AWS S3 bucket, we can use to identify the account ID
The EC2 metadata service (IMDS) provides the AWS Account ID in the
