{"id":"iam-principal-is-aws-service-only-direct-calls","text":"`aws:PrincipalIsAWSService` is `true` only when an AWS service principal (e.g., `cloudtrail.amazonaws.com`) makes a direct call — it is `false` when a service uses a service role or service-linked role.","truth_value":"IN","source":"entries/2026/03/11/IAM-latest-UserGuide-reference_policies_condition-keyshtml.md","source_url":"","source_hash":"e2027fc5516d6eee","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-principal-is-aws-service-only-direct-calls","truth_value":"IN","reason":"premise"}]}}