How to define Specific Bucket Only Allow S3 Full Access Policy to that bucket only?

1
votes

I have created below S3 policy for a user-name - john under account : 416XXXXXX, so that he is only allowed to use consolek S3 folder.

But this is giving following error : This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar, see AWS IAM Policies.

What exactly I am missing here ?

{  
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1487252735934",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::john",
      "Principal": {
        "AWS": [
          "arn:aws:iam::416XXXXXX:user/karthik"
        ]
      }
    }
  ]
}
2
amazon-web-servicesamazon-s3
Related: Grammar of the IAM JSON Policy Language.kenorb
Possible duplicate of AWS Trust Policy Has prohibited field Principalkenorb

2 Answers

1
votes

Is this an S3 bucket policy or an IAM policy? Your question says it is a bucket policy, but the error says it is an IAM policy. An IAM policy does not contain a Principle section, since it is assigned directly to the Principle that would be using it.

1
votes

IAM policy does not have Principle section. You can create resource-based policy at http://awspolicygen.s3.amazonaws.com/policygen.html.