
Understanding AWS policy


I have the below IAM policy defined. I am not sure what the below policy signifies. Is the principal pointing to the root user, or to the root account and any authenticated user associated with the root account?

Before raising this question, I have referred to this Link.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<account-id>:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}


Solution

  • It looks like a Trust Policy that is attached to an IAM Role.

    It is saying that IAM Users in <account-id> can assume the IAM Role as long as they have been granted sufficient permission to call AssumeRole().

    The reference to root is saying that it trusts whatever policies exist in that particular account. So, if an IAM User in that account has been granted permission to call AssumeRole(), then the policy will allow it. It's a way of saying "trust whatever that account says".
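To make the distinction concrete, here is an added Python example (not from the question or the answer) that audits the principals in a trust policy: the account root ARN (or a bare 12-digit account id, which AWS treats the same way) delegates to that account's own IAM policies, a specific user or role ARN trusts only that principal, and `"*"` trusts any AWS account unless a Condition narrows it. The `own_account` parameter, the severity labels and the extra sample policies are my own assumptions.

```python
import json
import re

# Trust policy from the question, with the page's placeholder account id.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::<account-id>:root"},
    "Action": "sts:AssumeRole",
    "Condition": {}
  }]
}""")

ROOT_ARN = re.compile(r"^arn:aws:iam::([^:]+):root$")


def classify_principal(p):
    """Label a single value from the "AWS" principal of a trust policy."""
    if p == "*":
        return "anyone"                  # any AWS principal; only a Condition can narrow it
    m = ROOT_ARN.match(p)
    if m:
        return f"account:{m.group(1)}"   # whole account: defers to that account's IAM policies
    if re.fullmatch(r"\d{12}", p):
        return f"account:{p}"            # bare account id is shorthand for the root ARN
    return f"principal:{p}"              # one specific IAM user or role


def audit_trust_policy(policy, own_account):
    """Return (label, severity) for every AWS principal allowed to call sts:AssumeRole."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        has_condition = bool(stmt.get("Condition"))   # "Condition": {} counts as none
        for p in aws:
            label = classify_principal(p)
            if label == "anyone":
                sev = "REVIEW" if has_condition else "HIGH"
            elif label.startswith("account:") and not label.endswith(own_account):
                sev = "REVIEW"   # cross-account delegation: another account decides who assumes
            else:
                sev = "INFO"     # same-account delegation, as in the question's policy
            findings.append((label, sev))
    return findings
```

Running `audit_trust_policy(TRUST_POLICY, "<account-id>")` reports one same-account delegation finding, which is exactly the "trust whatever that account says" case the answer describes.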