The type of the identity. The following values are possible:
Root– The request was made with your AWS account credentials. If the
Rootand you set an alias for your account, the
userNamefield contains your account alias. For more information, see Your AWS Account ID and Its Alias.
IAMUser– The request was made with the credentials of an IAM user.
AssumedRole– The request was made with temporary security credentials that were obtained with a role via a call to the AWS Security Token Service (AWS STS)
AssumeRoleAPI. This can include roles for Amazon EC2 and cross-account API access.
FederatedUser– The request was made with temporary security credentials that were obtained via a call to the AWS STS
sessionIssuerelement indicates if the API was called with root or IAM user credentials.
For more information about temporary security credentials, see Temporary Security Credentials in the IAM User Guide.
AWSAccount– The request was made by another AWS account.
AWSService– The request was made by an AWS account that belongs to an AWS service. For example, AWS Elastic Beanstalk assumes an IAM role in your account to call other AWS services on your behalf.
AWSService appear for
type in your logs when there is cross-account access using an IAM role that you own.