stackoom
  简体   繁体   中英

How to get the account id with cdk

 原文  2019-09-13 01:15:08       typescript/ aws-cdk

Question

I wrote a simple typescript with AWS CDK and try to get the account id

import cdk = require("@aws-cdk/core");

const app = new cdk.Stack();

console.log(app.account);

But get below output

$ tsc index.ts 
$ node index.js 
${Token[AWS::AccountId.0]}

So what's the meaning of Token here? How to get the real account id?

Updates

$ cdk init app --language=typescript

# replace lib/<name>-stack.ts with @Rob Raisch 's code

$ cdk synth
${Token[AWS::AccountId.0]}
Outputs:
  MyStackAccount:
    Description: Account of this stack
    Value:
      Ref: AWS::AccountId
Resources:
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Modules: aws-cdk=1.2.0,@aws-cdk/core=1.8.0,@aws-cdk/cx-api=1.8.0,jsii-runtime=node.js/v10.15.3

$ cdk deploy
${Token[AWS::AccountId.0]}
MyStack: deploying...
MyStack: creating CloudFormation changeset...
 0/2 | 11:58:59 AM | CREATE_IN_PROGRESS   | AWS::CDK::Metadata | CDKMetadata Resource creation Initiated
 1/2 | 11:58:59 AM | CREATE_COMPLETE      | AWS::CDK::Metadata | CDKMetadata 
 2/2 | 11:59:00 AM | CREATE_COMPLETE      | AWS::CloudFormation::Stack | MyStack 

 ✅  MyStack

Outputs:
MyStack.MyStackAccount = 123456789012

2 answers

solution1
 20 ACCPTED  2019-09-15 22:22:40

I had exactly the same issue until I realized that, until you run cdk deploy , there are no such values, only placeholders (like ${Token[AWS::AccountId.0]} ) that will be filled in during deployment.

Think of it this way, your CDK stack is a plan to create a number of resources, but until you run cdk deploy , those resources do not exist and so, cannot be queried for their values.

One way to get the value you need would be to add this to your stack constructor:

// Publish the custom resource output
new cdk.CfnOutput(this, "MyStackAccount", {
  description: "Account of this stack",
  value: this.account
});

As in:

class MyStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, "MyStack", props);

    new cdk.CfnOutput(this, "MyStackAccount", {
      description: "Account of this stack",
      value: this.account
    });
  }
}

which, when you run cdk deploy , will output:

MyStack.StackAccount = 987XXXXXX456

solution2
 0  2022-06-23 23:15:42

The question is "How to get the account id" but you don't mention why.

If you want to get your Account number for IAM purposes, such as only allowing your account to use your API Gateway (for example), then you can also use the Principal type AccountRootPrincipal which always points to the "current" account.

    const policy = new PolicyStatement({
      effect: Effect.ALLOW,
      actions: ['execute-api:Invoke'],
      resources: ['arn:aws:execute-api:*:*:*/*'],
      principals: [new AccountRootPrincipal()], // <-- Your account only
    });

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to get route table ID in typescript with AWS CDK How to design CDK project? How do you add security group ID to other security group in CDK? Is it possible to invoke a lambda in code pipeline from a different account using CDK? VPC peering (2 VPCS are in 2 different account) via AWS CDK Typescript AWS-CDK Pipelines Cross Account Stack Removal How to delay opening in CDK overplay? AWS CDK - Cannot use tokens in construct ID - How do I dynamically name constructs based off the names of other constructs? CDK deploy results in "Bucket named 'x' exists, but not in account 067685711111. Wrong account? How to supply policyDocument in CfnBucketPolicy in AWS CDK
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM