Getting error: "Has prohibited field Principal", when creating policy

1
votes

I want to create a policy to allow everyone to read my S3 bucket, this is the policy that I have created (I am following this guide):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::my-s3-bucket/*",
            "Principal": "*"
        }
    ]
}

I cannot create this policy, this is the error that I am getting:

This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar, see AWS IAM Policies

2
amazon-web-servicesamazon-s3amazon-policy

2 Answers

1
votes

I have generated the policy which you want using the Policy Generator.

{
  "Id": "Policy1567210887639",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1567210883302",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-s3-bucket/*",
      "Principal": "*"
    }
  ]
}

Check if this works for you.

1
votes

The problem was, I was creating the new Policy in IAM. I had to add the policy in S3, as a bucket Policy:

Select S3 Bucket -> Permissions -> Bucket Policy: paste the policy here

enter image description here

Note: If you want to grant read permission to anonymous user at the bucket level, then you need to turn off the following two settings.

enter image description here