The terminal was empty, the cursor blinking, waiting for one command:
aws sts get-caller-identity
That’s all it takes to know exactly which AWS account, user, and permissions you’re using in the AWS CLI. No guessing. No checking config files by hand. This is how you confirm your identity before running any command that matters.
What AWS CLI Identity really means
The AWS CLI identity is the combination of the account, user or role, and permission set that you are authenticated with through the CLI. In AWS, mistakes cost real money. Running destructive or costly commands in the wrong account can happen in seconds. Identity commands give you certainty. They let you inspect, verify, and log who you are inside AWS before you act.
The core command: get-caller-identity
The most direct way to see your AWS CLI identity is:
aws sts get-caller-identity
This will return:
- UserId: The IAM user or role ID in use.
- Account: The twelve-digit AWS account ID.
- Arn: The Amazon Resource Name, describing the type of principal you are using.
How AWS authenticates CLI identity
When you run a CLI command, the AWS CLI checks for credentials in the following order: environment variables, AWS CLI config files, the default AWS profile, and finally the EC2/ECS IAM role if you’re inside AWS infrastructure. Whichever set of credentials it finds first defines your AWS CLI identity for that session.
Switching and verifying identities
To change AWS CLI identity, set a different profile:
aws configure --profile dev
aws sts get-caller-identity --profile dev
Using profiles is safer than constantly overwriting credentials. Always pair a profile switch with an identity check to avoid cross-account errors.
Why identity checks belong in automation
In automated scripts, pipelines, and deployments, printing the AWS CLI identity before running high-impact commands is a low-cost safety net. It also makes logs self-explanatory when reviewing incidents or troubleshooting issues. This is especially important in shared environments or CI/CD pipelines that rotate credentials dynamically.
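A guard of the kind this section describes, as an added example that is not from the original article. The function names `caller_identity` and `require_account` and the account ID in the usage comment are illustrative placeholders. It logs the identity STS reports and stops the script when the account differs from the expected one or when the call itself fails.

```shell
# Added example: identity guard for scripts and pipelines.
# Function names are illustrative, not part of the AWS CLI.

# Print "<account><TAB><arn>" for the credentials the CLI resolves right now.
# Extra arguments (for example --profile dev) are passed through to the CLI.
caller_identity() {
  aws sts get-caller-identity --query '[Account,Arn]' --output text "$@"
}

# require_account <expected-12-digit-id> [aws cli args...]
# Logs the identity to stderr; returns 0 only when the account matches.
require_account() {
  local expected="$1"
  local out account arn
  shift

  # Reject a malformed expectation instead of comparing against garbage.
  case "$expected" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "identity-check: expected account must be 12 digits" >&2
       return 2 ;;
  esac

  # A failed call (expired token, no credentials) must stop the run too.
  if ! out="$(caller_identity "$@")"; then
    echo "identity-check: sts get-caller-identity failed" >&2
    return 3
  fi

  account="${out%%[[:space:]]*}"   # first field: account ID
  arn="${out##*[[:space:]]}"       # last field: principal ARN

  # One self-describing log line per run, useful during incident review.
  echo "identity-check: $(date -u +%Y-%m-%dT%H:%M:%SZ) account=$account arn=$arn" >&2

  if [ "$account" != "$expected" ]; then
    echo "identity-check: refusing to continue, expected account $expected" >&2
    return 1
  fi
  return 0
}

# Typical use at the top of a deploy script (placeholder account ID):
#   require_account 111122223333 --profile dev || exit 1
```

Because the check fails closed, an expired or missing credential stops the pipeline just as a wrong account does.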
Security and compliance
AWS CLI identity checks are also a fast way to prove compliance. They show the principal executing a command exactly as AWS saw it. For auditing, store this in your logs. For day-to-day work, run it in your shell. The AWS Security Token Service (STS) is the authority here, and get-caller-identity is its handshake with you.
Faster, safer, and visible results
Knowing your AWS CLI identity means you work with precision. No more blind execution. No more wondering which role you’re in. This simple command, used often, will save hours and prevent expensive errors.
If you want to see this kind of cloud identity awareness in action — with live, clear visibility in minutes — check out hoop.dev. It gives you the transparency you need without slowing you down.