Getting error: "Has prohibited field Principal", when creating policy
I want to create a policy to allow everyone to read my S3 bucket, this is the policy that I have created (I am following this guide):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::my-s3-bucket/*",
"Principal": "*"
}
]
}
I cannot create this policy, this is the error that I am getting:
This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar, see AWS IAM Policies
Solution
The problem was, I was creating the new Policy in IAM. I had to add the policy in S3, as a bucket Policy:
Select S3 Bucket -> Permissions -> Bucket Policy: paste the policy here
Note: If you want to grant read permission to anonymous user at the bucket level, then you need to turn off the following two settings.
- AWS Lambda container (aws-nuke) exits with Runtime.ExitError even though process returns exit code 0
- Where in the aws management console to modify elastic beanstalk health check url?
- Can we remove a security group from an running EC2 instance?
- "module 'os' has no attribute 'add_dll_directory'" in aws lambda function
- AWS Lex descriptive bot builder
- How can I check an AWS SQS queue is available before accessing it?
- What is an 'invalid principal' in an AWS cloud formation error message?
- Terraform launch EC2 condition based on count
- Pod is using node group role instead of service account in aws eks with an up to date AWS SDK
- Can't enable EnableExecuteCommand in ECS service blue/green
- CloudFormation, apply Condition on DependsOn
- How to deploy an AWS Amplify app from GitHub Actions?
- AWS - How to install java11 on an EC2 Linux machine?
- Redshift cannot parse response from python lambda
- couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server
- How can I set the AWS API Gateway timeout higher than 30 seconds?
- AWS moving large amount of objects
- Extract data and sibling node from sub-array
- How is it possible to debug an AWS Lambda function from remote?
- Getting "No AWS accounts are available to you" when using aws configure sso
- What are the differences between AWS Cloud HSM and KMS?
- Build IcebergSinkConnector with AWSKafkaAvroConverter for MSK Connect
- How to avoid full table scan in Glue's create_dynamic_frame.from_options for dynamodb
- AWS CodeDeploy: stuck on install step
- How to debug a failed systemctl service (code=exited, status=217/USER)?
- Hot partition problem in DynamoDB gone with the new on-demand feature?
- Add image files into react state using 'useState'
- WGET seems not to work with user data on AWS EC2 launch
- Automating access to models in AWS Bedrock
- Unable to submit (resubmit?) use case for model access