I want to create a policy to allow everyone to read my S3 bucket. This is the policy that I have created (I am following this guide):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::my-s3-bucket/*",
            "Principal": "*"
        }
    ]
}

I cannot create this policy. This is the error that I am getting:

This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar, see AWS IAM Policies

Hooman Bahreini

2 Answers

The problem was, I was creating the new Policy in IAM. I had to add the policy in S3, as a bucket Policy:

Select S3 Bucket -> Permissions -> Bucket Policy: paste the policy here

Note: If you want to grant read permission to anonymous users at the bucket level, then you need to turn off the following two settings.

Hooman Bahreini
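
The distinction in the answer above, as an added example that is not part of the original posts: an offline check that reports why the same JSON is rejected as an IAM (identity-based) policy but accepted as an S3 bucket (resource-based) policy, and flags the anonymous grant. The function `lint_policy`, its messages, and the role ARN with its account id are assumptions made for illustration, not an AWS API.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anyone(principal):
    # "*" and {"AWS": "*"} both mean "any caller, including anonymous".
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def lint_policy(document, attach_to):
    """attach_to: "identity" (IAM policy) or "resource" (S3 bucket policy)."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(document)["Statement"])):
        has_principal = "Principal" in stmt or "NotPrincipal" in stmt
        if attach_to == "identity" and has_principal:
            # The caller is implied by whoever the policy is attached to.
            findings.append((i, "ERROR", "identity-based policy must not contain Principal"))
        elif attach_to == "resource" and not has_principal:
            findings.append((i, "ERROR", "resource-based policy needs a Principal"))
        elif (attach_to == "resource" and stmt.get("Effect") == "Allow"
              and _is_anyone(stmt.get("Principal")) and "Condition" not in stmt):
            findings.append((i, "WARN", "anonymous access to %s" % stmt.get("Resource")))
    return findings

# The policy from the question (same content, compact layout).
QUESTION_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                "Resource": "arn:aws:s3:::my-s3-bucket/*", "Principal": "*"}]}
"""
# Constructed sample: same grant scoped to one role (account id is a placeholder).
SCOPED_POLICY = QUESTION_POLICY.replace(
    '"Principal": "*"', '"Principal": {"AWS": "arn:aws:iam::111122223333:role/reader"}')

if __name__ == "__main__":
    for name, doc in (("question", QUESTION_POLICY), ("scoped", SCOPED_POLICY)):
        for target in ("identity", "resource"):
            print(name, target, lint_policy(doc, target))
```

The WARN line is the case worth reviewing before saving a bucket policy: every object under the listed resource becomes readable without credentials.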
I have generated the policy which you want using the Policy Generator.

{
  "Id": "Policy1567210887639",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1567210883302",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-s3-bucket/*",
      "Principal": "*"
    }
  ]
}

Check if this works for you.

Pacifist
  • Thanks, I tried it and am getting the same error. I pasted the exact script from AWS Policy Generator and am still getting this error! – Hooman Bahreini Aug 31 '19 at 00:40
  • https://stackoverflow.com/questions/45478585/aws-trust-policy-has-prohibited-field-principal try checking out the trust policy – Pacifist Aug 31 '19 at 01:03