2
votes

I am trying to learn how to develop web applications using AWS and am following this workshop: Build a Modern Web Application. I have to update the S3 bucket policy, so as per the instructions in section B, I replaced the string REPLACE_ME_BUCKET_NAME in the JSON file with the name of the bucket that I created, mythicalbucket1, and this is the error I get:

An error occurred (MalformedPolicy) when calling the PutBucketPolicy operation: Invalid principal in policy.

This is the JSON file:

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity REPLACE_ME_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ID"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mythicalbucket1"
        }
    ]
}

I tried reading the documentation for bucket policies, and since I have to give access to the public (or everyone), I replaced the value for Principal with *, which again gives a different error.

Looking at the JSON file, I'm assuming REPLACE_ME_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ID has to be replaced with some CloudFront ID but not sure if that is needed in this case.

I did go through the various documentation about the CloudFront ID and bucket policies, but everything is still confusing. Would appreciate any help with this.

1 Answers

1
votes

It appears that the files provided with that workshop reference the use of Amazon CloudFront. However, the instructions do not mention it.

Therefore, you should simply use: "Principal": "*"

Also, please note that there should be a /* at the end of this line:

"Resource": "arn:aws:s3:::REPLACE_ME_BUCKET_NAME/*"

Make sure there is still a /* after your bucket name.
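
The two problems in this thread (a template placeholder left in the Principal, and an object-level action granted on the bucket ARN without /*) can be caught locally before calling PutBucketPolicy. The following is an added example, not part of the answer or the workshop files; the function name lint_bucket_policy and the set of object-level actions it checks are assumptions made for illustration. It also reports when a statement grants access to Principal "*", since that makes every matching object readable without credentials.

```python
import json
import re

# Constructed sample: the policy from the question, as it was submitted.
QUESTION_POLICY = """
{"Version": "2008-10-17", "Id": "PolicyForCloudFrontPrivateContent",
 "Statement": [{"Sid": "1", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity REPLACE_ME_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ID"},
   "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::mythicalbucket1"}]}
"""

PLACEHOLDER = re.compile(r"REPLACE_ME_[A-Z0-9_]+")
# Assumption: a small, non-exhaustive set of actions that apply to objects.
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}


def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_bucket_policy(policy_text):
    """Return human-readable findings for one bucket policy document."""
    findings = []
    policy = json.loads(policy_text)
    for stmt in as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "?")
        # 1. Template tokens that were never substituted.
        for token in sorted(set(PLACEHOLDER.findall(json.dumps(stmt)))):
            findings.append(f"Sid {sid}: placeholder {token} was never replaced")
        # 2. Object-level actions need an object ARN (bucket/key), not the bucket ARN.
        actions = set(as_list(stmt.get("Action", [])))
        for res in as_list(stmt.get("Resource", [])):
            name = res.split(":::", 1)[-1]
            if actions & OBJECT_ACTIONS and res != "*" and "/" not in name:
                findings.append(
                    f"Sid {sid}: object action on bucket ARN {res}; expected {res}/*")
        # 3. Allow with a wildcard principal means anonymous access.
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") in ("*", {"AWS": "*"}):
            findings.append(f"Sid {sid}: Principal * grants access to anyone")
    return findings


if __name__ == "__main__":
    for finding in lint_bucket_policy(QUESTION_POLICY):
        print(finding)
```
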