Package software.amazon.awscdk.services.iam

Class AccountRootPrincipal

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.iam.PrincipalBase
software.amazon.awscdk.services.iam.ArnPrincipal
software.amazon.awscdk.services.iam.AccountPrincipal
software.amazon.awscdk.services.iam.AccountRootPrincipal
All Implemented Interfaces:
IAssumeRolePrincipal, IComparablePrincipal, IGrantable, IPrincipal, software.amazon.jsii.JsiiSerializable
@Generated(value="jsii-pacmak/1.130.0 (build 048a5ee)", date="2026-05-20T12:39:48.018Z") @Stability(Stable) public class AccountRootPrincipal extends AccountPrincipal
Use the AWS account into which a stack is deployed as the principal entity in a policy.

Example: 

 IRole myTrustedAdminRole = Role.fromRoleArn(this, "TrustedRole", "arn:aws:iam:....");
 // Creates a limited admin policy and assigns to the account root.
 PolicyDocument myCustomPolicy = PolicyDocument.Builder.create()
         .statements(List.of(PolicyStatement.Builder.create()
                 .actions(List.of("kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*"))
                 .principals(List.of(new AccountRootPrincipal()))
                 .resources(List.of("*"))
                 .build()))
         .build();
 Key key = Key.Builder.create(this, "MyKey")
         .policy(myCustomPolicy)
         .build();

  • Constructor Details

    • AccountRootPrincipal

      protected AccountRootPrincipal(software.amazon.jsii.JsiiObjectRef objRef)

    • AccountRootPrincipal

      protected AccountRootPrincipal(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • AccountRootPrincipal

      @Stability(Stable) public AccountRootPrincipal()

  • Method Details

    • toString

      @Stability(Stable) @NotNull public String toString()
      Returns a string representation of an object.
      Overrides:
      toString in class AccountPrincipal