1 Answer
- Newest
- Most votes
- Most comments
0
Hi Shahar, it is exact same thing
See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
AWS account principals
You can specify AWS account identifiers in the Principal element of a resource-based
policy or in condition keys that support principals. This delegates authority to the
account. When you allow access to a different account, an administrator in that account
must then grant access to an identity (IAM user or role) in that account. When you specify an
AWS account, you can use the account ARN (arn:aws:iam::account-ID:root), or a shortened form t
hat consists of the "AWS": prefix followed by the account ID.
For example, given an account ID of 123456789012, you can use either of the following methods
to specify that account in the Principal element:
"Principal": { "AWS": "arn:aws:iam::123456789012:root" }
"Principal": { "AWS": "123456789012" }
The account ARN and the shortened account ID behave the same way. Both delegate permissions
to the account. Using the account ARN in the Principal element does not limit permissions to
only the root user of the account.
Best, Didier
Relevant content
- Accepted Answerasked 2 years ago
- asked 3 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago