diff --git a/aws/application_load_balancer/__examples__/.planshots.txt b/aws/application_load_balancer/__examples__/.planshots.txt
index 7cfa395..47ea069 100644
--- a/aws/application_load_balancer/__examples__/.planshots.txt
+++ b/aws/application_load_balancer/__examples__/.planshots.txt
@@ -565,6 +565,6 @@ website_endpoint:                                     <computed>
 + module.initech_production_load_balancer.module.load_balancer.aws_s3_bucket_policy.load_balancer_access_logs
 id:                                                   <computed>
 bucket:                                               "${aws_s3_bucket.load_balancer_access_logs.id}"
-policy:                                               "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Action\": [\n        \"s3:PutObject\"\n      ],\n      \"Effect\": \"Allow\",\n      \"Resource\": \"${aws_s3_bucket.load_balancer_access_logs.arn}/AWSLogs/${data.aws_caller_identity.aws_account.account_id}/*\",\n      \"Principal\": {\n        \"AWS\": [\n          \"${lookup(local.elastic_load_balancing_account_ids, aws_s3_bucket.load_balancer_access_logs.region)}\"\n        ]\n      }\n    }\n  ]\n}\n"
+policy:                                               "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Action\": [\n        \"s3:PutObject\"\n      ],\n      \"Effect\": \"Allow\",\n      \"Resource\": \"${aws_s3_bucket.load_balancer_access_logs.arn}/AWSLogs/${data.aws_caller_identity.aws_account.account_id}/*\",\n      \"Principal\": {\n        \"AWS\": [\n          \"arn:aws:iam::${lookup(local.elastic_load_balancing_account_ids, aws_s3_bucket.load_balancer_access_logs.region)}:root\"\n        ]\n      }\n    }\n  ]\n}\n"
 Plan: 38 to add, 0 to change, 0 to destroy.
 
diff --git a/aws/application_load_balancer/load_balancer/main.tf b/aws/application_load_balancer/load_balancer/main.tf
index 2a59571..9bddd1f 100644
--- a/aws/application_load_balancer/load_balancer/main.tf
+++ b/aws/application_load_balancer/load_balancer/main.tf
@@ -77,7 +77,7 @@ resource "aws_s3_bucket_policy" "load_balancer_access_logs" {
           "Resource": "${aws_s3_bucket.load_balancer_access_logs.arn}/AWSLogs/${data.aws_caller_identity.aws_account.account_id}/*",
           "Principal": {
             "AWS": [
-              "${lookup(local.elastic_load_balancing_account_ids, aws_s3_bucket.load_balancer_access_logs.region)}"
+              "arn:aws:iam::${lookup(local.elastic_load_balancing_account_ids, aws_s3_bucket.load_balancer_access_logs.region)}:root"
             ]
           }
         }