diff --git a/packages/@aws-cdk/aws-iam/lib/principals.ts b/packages/@aws-cdk/aws-iam/lib/principals.ts
index 8cb94c33a0b1d..77dc3003a4ddf 100644
--- a/packages/@aws-cdk/aws-iam/lib/principals.ts
+++ b/packages/@aws-cdk/aws-iam/lib/principals.ts
@@ -394,6 +394,9 @@ export class AccountPrincipal extends ArnPrincipal {
    */
   constructor(public readonly accountId: any) {
     super(new StackDependentToken(stack => `arn:${stack.partition}:iam::${accountId}:root`).toString());
+    if (!cdk.Token.isUnresolved(accountId) && typeof accountId !== 'string') {
+      throw new Error('accountId should be of type string');
+    }
     this.principalAccount = accountId;
   }
 
diff --git a/packages/@aws-cdk/aws-iam/test/principals.test.ts b/packages/@aws-cdk/aws-iam/test/principals.test.ts
index 34206540def53..b5c936be58a2e 100644
--- a/packages/@aws-cdk/aws-iam/test/principals.test.ts
+++ b/packages/@aws-cdk/aws-iam/test/principals.test.ts
@@ -294,6 +294,10 @@ test('AccountPrincipal can specify an organization', () => {
   });
 });
 
+test('Passing non-string as accountId parameter in AccountPrincipal constructor should throw error', () => {
+  expect(() => new iam.AccountPrincipal(1234)).toThrowError('accountId should be of type string');
+});
+
 test('ServicePrincipal in agnostic stack generates lookup table', () => {
   // GIVEN
   const stack = new Stack();