Friday, 15 March 2013

c# - Is it possible to get the canonical user id from AWS IAM users, from the .NET API? -




I have created a user, credentials, and a bucket. I need to grant bucket access to the user.

Is there a way to get the CanonicalUser value from code? The IAM user object provides Arn, Path, UserId and UserName values, but none of these are valid for the grant.

    using (var s3 = new Amazon.S3.AmazonS3Client("[user_key]", "[secret_user_key]", RegionEndpoint.GetBySystemName("eu-west-1")))
    {
        // Read the bucket's current ACL
        var response = s3.GetACL("[bucket_id]");
        var acl = response.AccessControlList;

        // Add a grant for the user; the canonical user id is the unknown
        acl.AddGrant(
            new S3Grantee() { CanonicalUser = **???** },
            new S3Permission(S3Permission.FULL_CONTROL)
        );

        // Write the modified ACL back to the bucket
        s3.PutACL(
            new PutACLRequest() { AccessControlList = acl, BucketName = "[bucket_id]" }
        );
    }

No, it is not possible to get the canonical user ID from code - you've nailed an odd, legacy aspect due to the different ways to manage access permissions to S3 resources; see the AWS team's response to "How to find out Canonical ID of an IAM user?":

You cannot add IAM users as an ACL's grantee. I'll have the documentation updated to clarify that IAM users are not supported in ACLs. There are a few solutions you can use to grant this user access to your Amazon S3 content: [...]

You might indeed want to reconsider using the more versatile S3 bucket policies instead (see below) - however, if you have access to the account's root credentials, you might find the canonical user ID associated with your AWS account as outlined in "Specifying a Principal in a Policy" (mind you, this doesn't work with IAM user credentials):

Go to http://aws.amazon.com and, from the My Account/Console drop-down menu, select Security Credentials. Sign in using the appropriate account credentials. Click Account Identifiers.

I shall emphasize once again that AWS recommends using IAM users these days, see e.g. "Root Account Credentials vs. IAM User Credentials":

Because you can't control the privileges of the root account credentials, you should store them in a safe place and instead use AWS Identity and Access Management (IAM) user credentials for day-to-day interaction with AWS.

This canonical user ID requirement for S3 is a rare exception and, as said, is considered a legacy artifact due to S3's ACL layer predating IAM, best avoided if possible.
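
The bucket-policy route the answer recommends, as an added example (not code from the original post or from AWS): the IAM user's ARN serves as the policy principal, so no canonical user ID is needed. It assumes the synchronous .NET Framework build of the AWS SDK used in the question and a user in the standard `aws` partition; the names `BucketPolicyGrant`, `BuildPolicy` and `Grant` are hypothetical.

```csharp
using System;
using System.Text.RegularExpressions;
using Amazon.S3;
using Amazon.S3.Model;

static class BucketPolicyGrant
{
    // The principal is the IAM user's ARN, which the IAM user object does provide.
    // Actions are scoped to listing and object read/write rather than FULL_CONTROL.
    const string Template = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Effect"": ""Allow"",
      ""Principal"": { ""AWS"": ""__USER_ARN__"" },
      ""Action"": ""s3:ListBucket"",
      ""Resource"": ""arn:aws:s3:::__BUCKET__""
    },
    {
      ""Effect"": ""Allow"",
      ""Principal"": { ""AWS"": ""__USER_ARN__"" },
      ""Action"": [ ""s3:GetObject"", ""s3:PutObject"", ""s3:DeleteObject"" ],
      ""Resource"": ""arn:aws:s3:::__BUCKET__/*""
    }
  ]
}";

    public static string BuildPolicy(string bucketName, string userArn)
    {
        // Validate both values before substituting them into the JSON document.
        if (!Regex.IsMatch(userArn, @"^arn:aws:iam::\d{12}:user/[\w+=,.@/-]+\z"))
            throw new ArgumentException("Not an IAM user ARN", nameof(userArn));
        if (!Regex.IsMatch(bucketName, @"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]\z"))
            throw new ArgumentException("Not a valid bucket name", nameof(bucketName));
        return Template.Replace("__USER_ARN__", userArn).Replace("__BUCKET__", bucketName);
    }

    // s3 must be a client for the bucket-owning account with s3:PutBucketPolicy.
    public static void Grant(IAmazonS3 s3, string bucketName, string userArn)
    {
        // PutBucketPolicy replaces the whole policy; merge first if one exists.
        s3.PutBucketPolicy(new PutBucketPolicyRequest
        {
            BucketName = bucketName,
            Policy = BuildPolicy(bucketName, userArn)
        });
    }
}
```

Call `Grant` with the `Arn` value of the IAM user object mentioned in the question; the listed actions are an assumed minimum and should be narrowed to what the user actually needs.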

c# .net amazon-web-services amazon-s3 amazon-iam
