:doc:`STS <../../sts>` / Client / get_caller_identity

*******************
get_caller_identity
*******************



.. py:method:: STS.Client.get_caller_identity()

  

  Returns details about the IAM user or role whose credentials are used to call the operation.

   

  .. note::

    

    No permissions are required to perform this operation. If an administrator attaches a policy to your identity that explicitly denies access to the ``sts:GetCallerIdentity`` action, you can still perform this operation. Permissions are not required because the same information is returned when access is denied. To view an example response, see `I Am Not Authorized to Perform\: iam\:DeleteVirtualMFADevice <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa>`__ in the *IAM User Guide*.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity>`_  


  **Request Syntax**
  ::

    response = client.get_caller_identity()
    
    
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'UserId': 'string',
          'Account': 'string',
          'Arn': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 

      Contains the response to a successful  GetCallerIdentity request, including information about the entity making the request.

      
      

      - **UserId** *(string) --* 

        The unique identifier of the calling entity. The exact value depends on the type of entity that is making the call. The values returned are those listed in the **aws:userid** column in the `Principal table <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable>`__ found on the **Policy Variables** reference page in the *IAM User Guide*.

        
      

      - **Account** *(string) --* 

        The Amazon Web Services account ID number of the account that owns or contains the calling entity.

        
      

      - **Arn** *(string) --* 

        The Amazon Web Services ARN associated with the calling entity.

        
  

  **Examples**

  This example shows a request and response made with the credentials for a user named Alice in the AWS account 123456789012.
  ::

    response = client.get_caller_identity(
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'Account': '123456789012',
        'Arn': 'arn:aws:iam::123456789012:user/Alice',
        'UserId': 'AKIAI44QH8DHBEXAMPLE',
        'ResponseMetadata': {
            '...': '...',
        },
    }

  

  This example shows a request and response made with temporary credentials created by AssumeRole. The name of the assumed role is my-role-name, and the RoleSessionName is set to my-role-session-name.
  ::

    response = client.get_caller_identity(
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'Account': '123456789012',
        'Arn': 'arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name',
        'UserId': 'AKIAI44QH8DHBEXAMPLE:my-role-session-name',
        'ResponseMetadata': {
            '...': '...',
        },
    }

  

  This example shows a request and response made with temporary credentials created by using GetFederationToken. The Name parameter is set to my-federated-user-name.
  ::

    response = client.get_caller_identity(
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'Account': '123456789012',
        'Arn': 'arn:aws:sts::123456789012:federated-user/my-federated-user-name',
        'UserId': '123456789012:my-federated-user-name',
        'ResponseMetadata': {
            '...': '...',
        },
    }

  