
I’m trying to add this as an inline policy, with the ARN for the user (principal) and the ARN for the bucket (resource).


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::00000000:user/name"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::bucket name"
        }
    ]
}



error: Unsupported Principal: The policy type IDENTITY_POLICY does not support the Principal element. Remove the Principal element

Tried adding this snippet as an inline policy, but I have to find another way due to the error: Unsupported Principal: The policy type IDENTITY_POLICY does not support the Principal element. Remove the Principal element

3 Answers


  1. Just remove the principal element.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::bucket name"
            }
        ]
    }
    
  2. This should be working for you, just replace the user with correct AWS user.

    {
      "Id": "Policy1673568063233",
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1673568062150",
          "Action": [
            "s3:ListBucket"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::bucket name",
          "Principal": {
            "AWS": [
              "arn:aws:iam::00000000:user/name"
            ]
          }
        }
      ]
    }
    

    The AWS Policy Generator is always a great place for dealing with policy generation.

    https://awspolicygen.s3.amazonaws.com/policygen.html

  3. There are two places you might place such a policy:

    • Bucket Policy
    • Policy on an IAM User

    If you are creating a Bucket Policy, it will require a Principal.

    However, if you are wanting to assign rules to a specific IAM User, then it is better to create a policy on the IAM User themselves. When doing this, there should not be a Principal because this is inferred by the IAM User on which the policy is placed.

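The distinction the answers draw (an identity policy must not carry a Principal, a bucket policy must) can be checked before a policy is submitted. The following is an added example, not code from the question or any answer; the function names `check_policy` and `strip_principal`, the account ID and the bucket name are hypothetical placeholders.

```python
import json

def check_policy(policy, attach_to):
    """List Principal-related problems for a policy attached as 'identity' or 'bucket'.

    'identity' = inline or managed policy on an IAM user, group or role.
    'bucket'   = S3 bucket policy (a resource-based policy).
    """
    if attach_to not in ("identity", "bucket"):
        raise ValueError("attach_to must be 'identity' or 'bucket'")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # a single statement object is also valid
        statements = [statements]
    problems = []
    for i, stmt in enumerate(statements):
        label = stmt.get("Sid", f"statement {i}")
        has_principal = "Principal" in stmt or "NotPrincipal" in stmt
        if attach_to == "identity" and has_principal:
            problems.append(f"{label}: remove Principal; the identity it is attached to is the principal")
        if attach_to == "bucket" and not has_principal:
            problems.append(f"{label}: add Principal; a bucket policy must name who it applies to")
    return problems

def strip_principal(policy):
    """Return a copy with Principal/NotPrincipal removed from every statement.

    Only the Principal elements are touched; the result grants the remaining
    permissions to whichever identity the policy is attached to.
    """
    out = json.loads(json.dumps(policy))   # deep copy, leaves the input unchanged
    stmts = out.get("Statement", [])
    for stmt in ([stmts] if isinstance(stmts, dict) else stmts):
        stmt.pop("Principal", None)
        stmt.pop("NotPrincipal", None)
    return out

# Constructed sample modelled on the question's policy (placeholder ARNs).
QUESTION_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/example-user"},
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::example-bucket"
  }]
}
""")

if __name__ == "__main__":
    print(check_policy(QUESTION_POLICY, "identity"))                   # one problem
    print(check_policy(QUESTION_POLICY, "bucket"))                     # no problems
    print(check_policy(strip_principal(QUESTION_POLICY), "identity"))  # no problems
```
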