I inherited a couple of AWS environments. I have recently been doing security audits of S3 and found several policies with principals containing AWS account numbers I don't know, and nobody at my company is familiar with them either. So I basically want to do a reverse lookup of the owners of the accounts in question. I want to determine whether the policies are still valid or can be deleted.
2 Answers
There is no public API for that. You can probably contact your AWS support representative to assist with that.
(For others who may find this discussion later, as I did:)
If any of the Account IDs you are trying to identify are in an AWS CloudFront distribution ARN, the Account ID might be that of an AWS Managed Account, because Edge-Optimized API Gateway endpoints are (typically?) in AWS-managed accounts.
You can find the list of Account IDs that fall into that category here: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-edge-optimized-custom-domain-name.html#how-to-custom-domain-log-cloudfront-distribution-update-in-cloudtrail
I learned that detail from a note at the bottom of this AWS documentation:
Note: CloudFront distributions created through edge-optimized API endpoints in API Gateway or AWS Amplify managed hosting are managed by the AWS Managed Account. In this case, the AWS Account ID in the output is related to the AWS Managed Account. CloudFront distributions created for edge-optimized API endpoints in API Gateway can be identified by a Region-specific API Gateway account ID. For a full list of Region-specific API Gateway account IDs, see Log custom domain name creation in CloudTrail.
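To triage such policies across many buckets, here is an added example (not from either answer) that parses a bucket policy document, pulls every 12-digit account ID out of principal ARNs, bare principal IDs and condition ARNs (including the CloudFront distribution ARN case from the second answer), and sorts them into your own accounts, AWS-managed IDs such as the Region-specific API Gateway accounts from the linked documentation, and unknown IDs that need a support ticket or cleanup. The sample policy and all three ID sets are constructed placeholders.

```python
import json
import re

# Constructed sample bucket policy (not from the original post): two of our own
# accounts, one unfamiliar bare account ID, and a CloudFront distribution ARN.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::audit-bucket/*",
   "Principal": {"AWS": ["arn:aws:iam::111111111111:root", "arn:aws:iam::222222222222:role/Deploy"]}},
  {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::audit-bucket",
   "Principal": {"AWS": "333333333333"}},
  {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::audit-bucket/*",
   "Principal": {"Service": "cloudfront.amazonaws.com"}, "Condition": {"StringEquals":
   {"AWS:SourceArn": "arn:aws:cloudfront::444444444444:distribution/EXAMPLEID"}}}]}""")

# An account ID is either the fourth ARN field or a bare 12-digit principal string.
ARN_ACCOUNT = re.compile(r"^arn:aws[a-z-]*:[a-z0-9-]*:[a-z0-9-]*:(\d{12}):")
BARE_ACCOUNT = re.compile(r"^\d{12}$")

def _strings(node):
    """Yield every string value anywhere in a nested policy document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for value in (node.values() if isinstance(node, dict) else node):
            yield from _strings(value)

def extract_account_ids(policy):
    """Map each account ID to the policy strings (principals, condition ARNs) naming it."""
    found = {}
    for text in _strings(policy):
        match = ARN_ACCOUNT.match(text)
        account = match.group(1) if match else (text if BARE_ACCOUNT.match(text) else None)
        if account:
            found.setdefault(account, set()).add(text)
    return found

def classify_accounts(policy, our_accounts, aws_managed_accounts):
    """Sort referenced accounts into ours, AWS-managed, or unknown (needs follow-up)."""
    report = {"ours": {}, "aws_managed": {}, "unknown": {}}
    for account, refs in extract_account_ids(policy).items():
        kind = ("ours" if account in our_accounts else
                "aws_managed" if account in aws_managed_accounts else "unknown")
        report[kind][account] = sorted(refs)
    return report

if __name__ == "__main__":
    # Placeholder ID sets: use your own account inventory and the AWS doc's API Gateway IDs.
    print(json.dumps(classify_accounts(SAMPLE_POLICY, {"111111111111", "222222222222"},
                                       {"444444444444"}), indent=2))
```

Feed it the output of `aws s3api get-bucket-policy` for each bucket; anything landing in "unknown" is what to raise with AWS support or remove.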