AWS s3 bucket policy invalid group principal

Question

This is a follow on from How can i enforce file type uploads with an AWS S3 bucket policy

When applying the bucket policy:

{   "Version":"2008-10-17",   "Statement": [     {       "Sid":"AddPerm",       "Effect":"Allow",       "Principal": { "AWS": "arn:aws:iam::111122223333:group/admins" },       "Action": "s3:PutObject",       "Resource": "arn:aws:s3:::bucket/*.txt"     }   ] } 

The group "admins" definitely exists, but I get the error: "Invalid principal in policy - "AWS" : "arn:aws:iam::111122223333:group/admins""

Why is it not recognised?

Answer 1

It's not possible to use groups in Principal at the moment. See https://forums.aws.amazon.com/message.jspa?messageID=356160