Permissions Needed to Fetch Account Name for AWS
To retrieve the AWS account name (also called the Usage Account Name/alias) for creating or updating a data source using the AWS SDK for Java, your IAM role must have specific permissions.
Required Permissions
The IAM role must have the following permissions:
iam:ListAccountAliases: Grant this permission so your application can retrieve the alias (name) associated with your AWS account. The policy created in the steps below grants this permission.
sts:GetCallerIdentity: You may also include this permission if you need to verify the identity of the caller, but it is not mandatory for retrieving the account name. This permission can help confirm the AWS account and IAM role in use.
Follow these steps to create a policy with the permission required to retrieve the AWS account name:
In your AWS Management Console, search for IAM, and select the IAM service.
In the navigation pane, select Access Management, then select Policies and click Create Policy.
Select the JSON tab and replace the default content with the following code:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:ListAccountAliases",
      "Resource": "*"
    }
  ]
}
Click Next: Tags and add any needed tags.
Adding tags is optional.
Click Next: Review and provide a descriptive Name for the policy.
Example:
FetchAccountName
Make a note of the policy name, review the permissions summary, and click Create Policy.
You will need the policy name to attach this customer managed policy to your IAM role.
After attaching the policy to the IAM role, the application can retrieve the AWS account name using the account ID.
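Before attaching a policy to the role, it is worth confirming that it grants the action listed above and nothing broader. The following check is an added example, not part of the original page or of any AWS tooling; the function name audit_policy and the BROAD_POLICY sample are constructed for illustration.

```python
import fnmatch
import json

REQUIRED = {"iam:ListAccountAliases"}   # needed to read the account alias
OPTIONAL = {"sts:GetCallerIdentity"}    # optional per the page

def audit_policy(policy_json):
    """Return (missing, excess) for an identity policy document.

    missing: required actions that no Allow statement grants.
    excess:  Allow entries granting more than the two actions named on the page.
    Deny statements, Condition blocks and Resource are not evaluated here.
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):        # a lone statement may be a bare object
        statements = [statements]
    granted, excess = set(), []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:             # allows everything except what is listed
            excess.append("NotAction")
            continue
        actions = stmt.get("Action", [])
        for pattern in [actions] if isinstance(actions, str) else actions:
            # IAM action names are case-insensitive; * and ? act as wildcards.
            hits = {a for a in REQUIRED | OPTIONAL
                    if fnmatch.fnmatchcase(a.lower(), pattern.lower())}
            granted |= hits
            if not hits or "*" in pattern or "?" in pattern:
                excess.append(pattern)
    return sorted(REQUIRED - granted), excess

# The policy from the steps above.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "iam:ListAccountAliases", "Resource": "*"}]}"""

# Constructed sample: a broader policy than the task needs.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["iam:List*", "s3:GetObject"], "Resource": "*"}]}"""

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        missing, excess = audit_policy(doc)
        print(f"{name}: missing={missing} excess={excess}")
```

An empty missing list with an empty excess list means the policy matches what this page calls for; any entry in excess is a candidate for removal before the policy is attached.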