AWS Discussion Forum

AWS Discussion Forum > Q & A > System Administration Help > "Principle" error setting S3 Bucket Policy
Full Version: "Principle" error setting S3 Bucket Policy
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

ConImp

11-07-2022, 05:38 PM
Greetings!

This is my first post on this forum.  I'm relatively new to AWS and am setting up an S3 Bucket for a static website and when trying to set an S3 Bucket Policy generated from the policy generator, I am getting an error:


Unknown Error
An unexpected error occurred.

*API Response
Invalid principle in policy

Here is the JSON script I am using from out of the policy generator.  Note: I pasted into Notepad and recopied first for formatting purposes:

{
  "Id": "Policy1657559771298",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1657559769311",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:awsConfused3:::continuous-improvement.org",
      "Principal": {
        "AWS": [
          "admin-w"
        ]
      }
    }
  ]
}


Please let me know if you have any ideas...

fzs

14-07-2022, 01:19 PM
(11-07-2022, 05:38 PM)ConImp Wrote: [ -> ]*API Response
Invalid principle in policy


      "Principal": {
        "AWS": [
          "admin-w"
        ]
      }


This is happening most likely due to the incorrect syntax for the principal element. It has to be listed with a proper ARN format. You can find this in the IAM details for the user you are attempting to give access to. Assuming you have created this user already. Example below:

Code:
"Principal": {
    "AWS": "arn:aws:iam::111111111111:user/user-name1"
  }

or for multiple usernames:


[font=Consolas, 'Andale Mono WT', 'Andale Mono', 'Lucida Console', 'Lucida Sans Typewriter', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Liberation Mono', 'Nimbus Mono L', Monaco, 'Courier New', Courier, monospace]"Principal": {
  "AWS": [
    "arn:aws:iam::111111111111:user/user-name1",
    "arn:aws:iam::111111111111:user/user-name2"
  ]
}[/font]


More details on how to properly format the Principal element can be found here: https://docs.aws.amazon.com/IAM/latest/U...cipal.html

ConImp

16-07-2022, 10:43 PM
I was able to figure this out. The sample JSON scripts don't really get you all the way there, but here's what I used.

{
"Id": "Policy1658008936181",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1658008933263",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:awsConfused3::Confused3bucketname",
"Principal": {
"AWS": [
"arn:aws:iam::accountnumber:user/admin-w"
]
}
}
]
}

I built the statement using the Policy Generator, but it doesn't build it all the way, so you have to go back and add the "arn.aws.iam::accountnumber:user/user-name" line. Not sure why this is, but now that I know, I wanted to pass this along. This may be a noob pitfall, but hopefully this will help someone else at some point.
AWS Discussion Forum > Q & A > System Administration Help > "Principle" error setting S3 Bucket Policy