I have created below S3 policy for a user-name - john under account : 416XXXXXX, so that he is only allowed to use consolek S3 folder.
我在用户名下创建了以下S3策略 - john帐户:416XXXXXX,这样他才被允许使用consolek S3文件夹。
But this is giving following error : This policy contains the following error: Has prohibited field Principal For more information about the IAM policy grammar, see AWS IAM Policies.
但这会产生以下错误:此策略包含以下错误:已禁用字段Principal有关IAM策略语法的详细信息,请参阅AWS IAM策略。
What exactly I am missing here ?
我到底错过了什么?
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1487252735934",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::john",
"Principal": {
"AWS": [
"arn:aws:iam::416XXXXXX:user/karthik"
]
}
}
]
}
2 个解决方案
#1
1
Is this an S3 bucket policy or an IAM policy? Your question says it is a bucket policy, but the error says it is an IAM policy. An IAM policy does not contain a Principle section, since it is assigned directly to the Principle that would be using it.
这是S3存储桶策略还是IAM策略?您的问题是它是一个存储桶策略,但错误表明它是一个IAM策略。 IAM策略不包含Principle部分,因为它直接分配给将使用它的Principle。
#2
0
IAM policy does not have Principle section. You can create resource-based policy at http://awspolicygen.s3.amazonaws.com/policygen.html.
IAM策略没有Principle部分。您可以在http://awspolicygen.s3.amazonaws.com/policygen.html上创建基于资源的策略。
#1
1
Is this an S3 bucket policy or an IAM policy? Your question says it is a bucket policy, but the error says it is an IAM policy. An IAM policy does not contain a Principle section, since it is assigned directly to the Principle that would be using it.
这是S3存储桶策略还是IAM策略?您的问题是它是一个存储桶策略,但错误表明它是一个IAM策略。 IAM策略不包含Principle部分,因为它直接分配给将使用它的Principle。
#2
0
IAM policy does not have Principle section. You can create resource-based policy at http://awspolicygen.s3.amazonaws.com/policygen.html.
IAM策略没有Principle部分。您可以在http://awspolicygen.s3.amazonaws.com/policygen.html上创建基于资源的策略。