Chatwithcloud logo


AWS GenAI Tools


import { STS } from 'aws-sdk'; const sts = new STS(); sts.getCallerIdentity({}, (err, data) => { if (err) { console.log('Error:', err); } else { console.log('Caller Identity:', data); } });

Detailed Code Explanation

The code imports the STS (Security Token Service) module from the AWS SDK and creates a new instance of the STS class. It then calls the getCallerIdentity method on this instance, passing an empty object as the first parameter and a callback function as the second parameter.

The getCallerIdentity method retrieves the identity of the AWS account making the API call. If an error occurs, the callback function logs the error message using console.log. Otherwise, it logs the response data, which contains information about the caller's identity.

Expected Output Format

The output of this code will be in JSON format and will contain information about the caller's identity. The response data will include the AWS account ID, Amazon Resource Name (ARN), and a unique identifier for the caller.

Considerations & Caveats

Required IAM Permissions and Example Policy

To run this code, the IAM role or user must have the following permissions:

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "sts:GetCallerIdentity", "Resource": "*" }] }

This example policy allows the role or user to call the sts:GetCallerIdentity action on any resource.


Q1: What is the purpose of the getCallerIdentity method?

A1: The getCallerIdentity method is used to retrieve information about the AWS account making the API call. It returns details such as the account ID, ARN, and a unique identifier for the caller.

Q2: What other methods are available in the STS module?

A2: The STS module provides various methods for managing temporary security credentials, assuming roles, and validating AWS account credentials. Some of the commonly used methods include assumeRole, assumeRoleWithWebIdentity, and decodeAuthorizationMessage.

Q3: Can this code be used in a browser-based JavaScript application?

A3: No, this code is intended to be run in a server-side environment. In a browser-based application, AWS SDK client credentials should not be exposed to the client-side code for security reasons.

Q4: How can I secure the AWS credentials used by this code?

A4: It is recommended to use an IAM role or user with the least privilege principle. Assign only the necessary permissions required to perform the desired operations and avoid hard-coding credentials in your code.

Related articles
Get the number of invocations for Lambda functions in the last 24 hoursMonitor and Notify When Approaching Service LimitsCalculate the Size of Each S3 Bucket and Find the One with the Most Data