By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

The meaning of AWS account principals for policy principals?

0

Hi all

I can see account principals as follows. The following is a part of KMS key policy. What does that mean?

Any IAM resources including users and roles in that account? Or any resources in that account?

    {
      "Sid": "...",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::[account-id]:root"
      },
      "Action": "kms:*",
      "Resource": "*"
    }

I've looked at the documentation - https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html, but it does not say clearly.

Thanks.

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access ManagementIAM Policies
Language
English
profile picture
Sonic
asked a month ago18 views
1 Answer
0

Root Arn in the resource based policy allows access to all the IAM user/role in the specific account ID mentioned in the Arn. It will allow access to the user or role only when the role and user also allow access in their identity based policy.

This includes allowing IAM users, IAM roles, and the account root user in the specified AWS account to have access to the KMS key through IAM policies.

AWS
Sakshi M
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content