Why doesn't IAM show user principal IDs nor allow for searching?

Question

From GuardDuty we get notifications about modifications to S3 buckets in the format

```
{"Records":[{"eventVersion":"2.1","eventSource":"aws:s3","awsRegion":"ap-southeast-1","eventTime":"DATETIME","eventName":"ObjectCreated:Put","userIdentity":{"principalId":"AWS:21CHARACTER"},"requestParameters":{"sourceIPAddress":"1.2.3.4"},"responseElements":{"x-amz-request-id":"X-AMZ-REQUEST-ID","x-amz-id-2":"X-AMZ-ID-2"},"s3":{"s3SchemaVersion":"1.0","configurationId":"CONFIGURATIONID","bucket":{"name":"BUCKETNAME","ownerIdentity":{"principalId":"14CHARACTER"},"arn":"arn:aws:s3:::BUCKETNAME"},"object":{"key":"FILE.NAME","size":1234,"eTag":"ETAG","sequencer":"SEQUENCER"}}}]}
```

1. Why doesn't it report the user ARN?
2. Why does IAM *not* show each user's (21-character) principal ID?
3. Why does IAM *not* make principal ID searchable?
4. Why does AWS CLI iam get-user *not* implement get by principal ID?
5. Why does it have to be iam list-users to pull *every* user to manually check?

Answer

There have been security findings that have indicated that the AWS account ID is sensitive.  It therefore imperative, from a security standpoint, that the account ID be protected.  Most of the things that you appear to desire would expose the account ID.

Why doesn't IAM show user principal IDs nor allow for searching?

Relevant questions

Why doesn't IAM show user principal IDs nor allow for searching?

IAM user access to S3: uploads fail

How can I restrict S3 bucket access to allow only VPC Flow logs from within an organization?

Why do we need S3 bucket versioning enabled in order to do replication?

Cannot configure Guardduty 'findings export options' to an S3 bucket

S3 policy allow Source VPC or IP

List contents of buckets

S3 Bucket Security

Using EC2 IAM role principal in SecretsManager resource policy together with autoscaling

GuardDuty pricing investigation