AWS IAM Principal Validation
In AWS IAM, the Principal element specifies the entity that is allowed (or denied) access to a resource. It applies only in two places: on IAM roles, where the principal is an entity that can assume the role, and in resource-based policies, where the principal is the entity being allowed access to the resource, such as an S3 bucket[1].
An example of an Elasticsearch resource-based policy (often referred to as a domain access policy in the Elasticsearch context) is provided below: