From 3fba56e054b90dd2e5354636cc4d142e548e42d9 Mon Sep 17 00:00:00 2001
From: Benoit Durand <benoit.durand.mail@gmail.com>
Date: Mon, 27 Jan 2025 22:18:15 +0100
Subject: [PATCH] feat(iam): add warning log when AccountPrincipal argument is
 not exactly 12 digits

---
 packages/aws-cdk-lib/aws-iam/lib/principals.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/packages/aws-cdk-lib/aws-iam/lib/principals.ts b/packages/aws-cdk-lib/aws-iam/lib/principals.ts
index 498cc4273d5b4..f111b0b5bb773 100644
--- a/packages/aws-cdk-lib/aws-iam/lib/principals.ts
+++ b/packages/aws-cdk-lib/aws-iam/lib/principals.ts
@@ -471,6 +471,7 @@ export class ArnPrincipal extends PrincipalBase {
  */
 export class AccountPrincipal extends ArnPrincipal {
   public readonly principalAccount: string | undefined;
+  private accountIdRegExp = new RegExp('^[0-9]{12}$');
 
   /**
    *
@@ -481,6 +482,10 @@ export class AccountPrincipal extends ArnPrincipal {
     if (!cdk.Token.isUnresolved(accountId) && typeof accountId !== 'string') {
       throw new Error('accountId should be of type string');
     }
+    if (!this.accountIdRegExp.test(accountId)) {
+      /* eslint-disable-next-line no-console */
+      console.warn('accountId should be a 12-digit number');
+    }
     this.principalAccount = accountId;
   }