AWS Discussion Forum

Full Version: "Principle" error setting S3 Bucket Policy
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Greetings!

This is my first post on this forum.  I'm relatively new to AWS and am setting up an S3 Bucket for a static website and when trying to set an S3 Bucket Policy generated from the policy generator, I am getting an error:


Unknown Error
An unexpected error occurred.

*API Response
Invalid principle in policy

Here is the JSON script I am using from out of the policy generator.  Note: I pasted into Notepad and recopied first for formatting purposes:

{
  "Id": "Policy1657559771298",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1657559769311",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:awsConfused3:::continuous-improvement.org",
      "Principal": {
        "AWS": [
          "admin-w"
        ]
      }
    }
  ]
}


Please let me know if you have any ideas...
(11-07-2022, 05:38 PM)ConImp Wrote: [ -> ]*API Response
Invalid principle in policy


      "Principal": {
        "AWS": [
          "admin-w"
        ]
      }


This is happening most likely due to the incorrect syntax for the principal element. It has to be listed with a proper ARN format. You can find this in the IAM details for the user you are attempting to give access to. Assuming you have created this user already. Example below:

Code:
"Principal": {
    "AWS": "arn:aws:iam::111111111111:user/user-name1"
  }

or for multiple usernames:


[font=Consolas, 'Andale Mono WT', 'Andale Mono', 'Lucida Console', 'Lucida Sans Typewriter', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Liberation Mono', 'Nimbus Mono L', Monaco, 'Courier New', Courier, monospace]"Principal": {
  "AWS": [
    "arn:aws:iam::111111111111:user/user-name1",
    "arn:aws:iam::111111111111:user/user-name2"
  ]
}[/font]


More details on how to properly format the Principal element can be found here: https://docs.aws.amazon.com/IAM/latest/U...cipal.html
I was able to figure this out. The sample JSON scripts don't really get you all the way there, but here's what I used.

{
"Id": "Policy1658008936181",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1658008933263",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:awsConfused3::Confused3bucketname",
"Principal": {
"AWS": [
"arn:aws:iam::accountnumber:user/admin-w"
]
}
}
]
}

I built the statement using the Policy Generator, but it doesn't build it all the way, so you have to go back and add the "arn.aws.iam::accountnumber:user/user-name" line. Not sure why this is, but now that I know, I wanted to pass this along. This may be a noob pitfall, but hopefully this will help someone else at some point.