AWS CloudTrail userIdentity Fields

The type of the identity. The following values are possible:

  • Root – The request was made with your AWS account credentials. If the userIdentity type is Root and you set an alias for your account, the userName field contains your account alias. For more information, see Your AWS Account ID and Its Alias.
  • IAMUser – The request was made with the credentials of an IAM user.
  • AssumedRole – The request was made with temporary security credentials that were obtained with a role via a call to the AWS Security Token Service (AWS STS) AssumeRole API. This can include roles for Amazon EC2 and cross-account API access.
  • FederatedUser – The request was made with temporary security credentials that were obtained via a call to the AWS STS GetFederationToken API. The sessionIssuer element indicates if the API was called with root or IAM user credentials.

    For more information about temporary security credentials, see Temporary Security Credentials in the IAM User Guide.

  • AWSAccount – The request was made by another AWS account.
  • AWSService – The request was made by an AWS account that belongs to an AWS service. For example, AWS Elastic Beanstalk assumes an IAM role in your account to call other AWS services on your behalf.

AWSAccount and AWSService appear for type in your logs when there is cross-account access using an IAM role that you own.
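
For log triage, the type value decides which part of userIdentity names the durable identity behind a call. The following is an added example, not AWS code: it resolves that identity per type over constructed records and flags root-backed activity, including FederatedUser sessions whose sessionIssuer is root. The sessionContext, arn, accountId, invokedBy and principalId fields are assumed from the CloudTrail record format, and all sample values are placeholders.

```python
# Constructed sample records (not real log data); only eventName and
# userIdentity are shown. Account IDs and names are placeholders.
SAMPLE_EVENTS = [
    {"eventName": "CreateAccessKey", "userIdentity": {
        "type": "Root", "arn": "arn:aws:iam::111111111111:root",
        "userName": "example-alias"}},
    {"eventName": "PutObject", "userIdentity": {
        "type": "IAMUser", "userName": "alice"}},
    {"eventName": "DescribeInstances", "userIdentity": {
        "type": "AssumedRole",
        "arn": "arn:aws:sts::111111111111:assumed-role/app-role/i-0abc",
        "sessionContext": {"sessionIssuer": {
            "type": "Role", "arn": "arn:aws:iam::111111111111:role/app-role"}}}},
    {"eventName": "GetObject", "userIdentity": {
        "type": "FederatedUser",
        "arn": "arn:aws:sts::111111111111:federated-user/bob",
        "sessionContext": {"sessionIssuer": {
            "type": "Root", "arn": "arn:aws:iam::111111111111:root"}}}},
    {"eventName": "AssumeRole", "userIdentity": {
        "type": "AWSAccount", "accountId": "222222222222"}},
    {"eventName": "AssumeRole", "userIdentity": {
        "type": "AWSService", "invokedBy": "elasticbeanstalk.amazonaws.com"}},
]

def resolve_actor(event):
    """Return (type, durable identity behind the call, root_backed)."""
    uid = event.get("userIdentity", {})
    kind = uid.get("type", "Unknown")
    # Assumed fields: sessionContext, arn, accountId, invokedBy, principalId.
    issuer = uid.get("sessionContext", {}).get("sessionIssuer", {})
    if kind == "Root":
        actor = uid.get("userName") or uid.get("arn")  # alias when one is set
    elif kind == "IAMUser":
        actor = uid.get("userName")
    elif kind in ("AssumedRole", "FederatedUser"):
        # Temporary credentials: report the issuer, not the session ARN.
        actor = issuer.get("arn") or uid.get("arn")
    elif kind == "AWSAccount":
        actor = uid.get("accountId")
    elif kind == "AWSService":
        actor = uid.get("invokedBy")
    else:
        actor = uid.get("arn") or uid.get("principalId")
    root_backed = kind == "Root" or issuer.get("type") == "Root"
    return kind, actor, root_backed

def root_backed_events(events):
    return [e["eventName"] for e in events if resolve_actor(e)[2]]
```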
