
I have a bunch of files that I would like to put on S3 such that access to them is restricted only to a particular IAM user. I've tried associating a policy with the user, and with the bucket, and am trying to access a file in the bucket using s3-cmd. However, I keep getting the access denied xml in the response (403 forbidden). My policy looks like this:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "<a statementID>",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<my-account-num>:user/<username>"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::<bucket-name>/*",
                "arn:aws:s3:::<bucket-name>"
            ]
        }
    ]
}

Only if I set the Principal to "AWS": "*", am I able to download the resource through the REST calls.

The user in question has the "Power User" policy attached to it:

{
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*"
    }
  ]
}

How do I use an S3 bucket for private-only access? Please help.

John Rotenstein
mayur

1 Answer


The problem was not with the policy, but the machine it was accessed from. I was trying to do a retrieve operation for an S3 resource from an EC2 instance. Today I found out that one can make every EC2 instance "assume" an IAM Role. When the instance does that, it inherits the permissions specified for that role. So just creating a role with the following policy:

{
  "Statement": [
    {
     "Effect": "Allow",
     "Action": "s3:*",
     "Resource": "*"
    }
   ]
}

and making the EC2 instance assume this role allows it to communicate with the S3 buckets.

mayur
  • Except your EC2 instance can access every S3 bucket and perform every action on every bucket. If your EC2 instance is compromised, any attacker can delete all of your buckets. You should see these articles: http://blogs.aws.amazon.com/security/post/Tx1P2T3LFXXCNB5/Writing-IAM-policies-Grant-access-to-user-specific-folders-in-an-Amazon-S3-bucke http://docs.aws.amazon.com/IAM/latest/UserGuide/ExampleIAMPolicies.html – ZiggyTheHamster Apr 02 '15 at 01:15
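The comment above is the key security point: the role policy in the answer grants `s3:*` on `Resource: "*"`, so a compromised instance can list, read, overwrite or delete every bucket in the account. Below is an added example, not code from the original post, that puts the answer's approach and the comment's objection side by side: it builds the EC2 trust policy a role needs, builds a least-privilege permissions policy scoped to one bucket and one key prefix, and runs a deliberately simplified allow-only evaluator (no Deny statements, no Conditions, just IAM-style `*` wildcard matching) so you can see what each policy lets the instance do. The account ID, bucket name and prefix are constructed placeholders; the `overly_broad` check is a hypothetical audit helper written for this example, not an AWS API.

```python
import fnmatch
import json

# Constructed placeholders for the example (assumptions, not values from the post).
ACCOUNT_ID = "123456789012"
BUCKET = "example-bucket"

# Trust policy: lets the EC2 service assume the role. This is what makes an
# instance profile work; it says nothing about what the role may do in S3.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# The permissions policy from the answer: every S3 action on every bucket.
BROAD_POLICY = {
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]
}


def scoped_policy(bucket, prefix=""):
    """Least-privilege replacement: list one bucket, read/write objects under one prefix.

    ListBucket is a bucket-level action, so it is granted on the bucket ARN;
    GetObject/PutObject are object-level, so they are granted on bucket/prefix*.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOnlyThisBucket",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "ReadWriteObjectsUnderPrefix",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def allows(policy, action, resource):
    """Simplified evaluator: True if any Allow statement matches action and resource.

    IAM wildcards (* and ?) map onto fnmatch; action names are case-insensitive.
    Deny statements and Condition blocks are deliberately ignored here.
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
        resource_ok = any(fnmatch.fnmatchcase(resource, r) for r in resources)
        if action_ok and resource_ok:
            return True
    return False


def overly_broad(policy):
    """Hypothetical audit helper: indexes of Allow statements granting a
    service-wide or global action wildcard on Resource "*"."""
    flagged = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in resources and any(a == "*" or a.endswith(":*") for a in actions):
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    scoped = scoped_policy(BUCKET, "uploads/")
    print(json.dumps(TRUST_POLICY, indent=2))
    print(json.dumps(scoped, indent=2))
    other = "arn:aws:s3:::other-bucket"
    print("broad policy lets instance DeleteBucket on another bucket:",
          allows(BROAD_POLICY, "s3:DeleteBucket", other))
    print("scoped policy lets instance DeleteBucket on another bucket:",
          allows(scoped, "s3:DeleteBucket", other))
    print("statements flagged as overly broad:", overly_broad(BROAD_POLICY), overly_broad(scoped))
```

Attach `TRUST_POLICY` as the role's trust relationship and the output of `scoped_policy` as its permissions policy instead of the `s3:*` on `*` document from the answer; the instance then still reaches the one bucket the question is about, while an attacker who lands on it cannot touch the rest of the account's buckets.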