Finding the canonical user ID for your Amazon Web Services account - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Finding the canonical user ID for your Amazon Web Services account

The canonical user ID is an alpha-numeric identifier, such as 79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be, that is an obfuscated form of the Amazon Web Services account ID. You can use this ID to identify an Amazon Web Services account when granting cross-account access to buckets and objects using Amazon S3. You can retrieve the canonical user ID for your Amazon Web Services account as either the root user or an IAM user.

You can find the canonical user ID for your Amazon Web Services account using the Amazon Web Services Management Console or the Amazon CLI. The canonical user ID for an Amazon Web Services account is specific to that account. You can retrieve the canonical user ID for your account as the root user, a federated user, or an IAM user.

Prerequisites

If you are a federated user or are accessing the information programmatically, such as through the Amazon CLI, you must have permission to list and view an Amazon S3 bucket.

Follow these steps to find the canonical user ID for your Amazon Web Services account when you are signed into the console as the root user or an IAM user. For more information about the root user and IAM users, see Overview of Amazon identity management: Users in the IAM User Guide.

  1. Sign in to the console as the root user or an IAM user.

    For more information, see Signing in to the Amazon Web Services Management Console in the IAM User Guide.

  2. In the navigation bar on the upper right, choose your account name or number, and then choose My Security Credentials.

  3. Find the canonical ID for the account:

    • If you are the root user, expand Account identifiers and find Canonical User ID.

    • If you are an IAM user, under Account details, find Account canonical user ID.

Follow these steps to find the canonical user ID for your account when you are signed in to the Amazon Web Services Management Console as a federated user. For more information about federated users, see Federating existing users in the IAM User Guide.

  1. Sign in to the console as a federated user.

    For more information, see Signing in to the Amazon Web Services Management Console in the IAM User Guide.

  2. In the Amazon S3 console, choose a bucket name to view the bucket details.

  3. Choose Permissions, and then scroll down to the Access Control List section.

    At the top of the page, under Access for bucket owner, the canonical user ID for the Amazon Web Services account appears.

Use the list-buckets command as follows to find the canonical user ID using the Amazon CLI.

aws s3api list-buckets --query Owner.ID --output text