AWS Trust Policy Has prohibited field Principal

I'm trying to create an IAM role and assign it to an EC2 instance according to Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI.

The policy looks like below:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

But it gives this error:

This policy contains the following error: Has prohibited field Principal 

There is a similar question here but it couldn't fix this issue.

Any help would be appreciated.

asked Aug 03 '17 08:08 by Matrix


People also ask

What does "Has prohibited field Principal" mean in an IAM policy?

The "Policy has prohibited field Principal" error means a Principal element was placed in an identity-based permissions policy, where it is not allowed. The Principal element names who may act (an AWS account, IAM user or role, an AWS service such as ec2.amazonaws.com, or a federated identity) and belongs only in the role's trust policy; a permissions policy instead uses Action and Resource to say what the role may do.

What are principals in AWS policy?

A principal is a person or application that can make a request for an action or operation on an AWS resource. The principal is authenticated as the AWS account root user or an IAM entity to make requests to AWS. As a best practice, do not use your root user credentials for your daily work.

Why am I getting the error invalid principal in policy when I try to update my Amazon s3 bucket policy?

If your bucket policy uses IAM users or roles as Principals, then confirm that those IAM identities weren't deleted. When you edit and then try to save a bucket policy with a deleted IAM ARN, you get the "Invalid principal in policy" error.

How do I change my AWS trust policy?

In the navigation pane of the IAM console, choose Roles. The console displays the roles for your account. Choose the name of the role that you want to modify, and select the Trust relationships tab on the details page. Choose Edit trust relationship.


1 Answer

Faced the same issue when trying to update the "Trust Relationship", also known as the "Trust Policy". "Principal" comes into play only in the "Trust Policy". Maybe by mistake you are updating the normal policy under the Permissions tab. Try updating the policy under the "Trust Relationships" tab as below:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ec2.amazonaws.com",
              "lambda.amazonaws.com"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
answered Sep 28 '22 21:09 by Abhishek Sinha
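The error in the question comes from uploading a trust policy where a permissions policy is expected, and the two document types have different rules. The following is an added example, not code from the question or the answer above: a small pre-flight linter that classifies a policy document as a trust policy or a permissions policy and reports the mismatches the IAM validator would reject (a Principal in a permissions policy, a missing Principal or a non-sts action in a trust policy), plus a helper that lists which service principals a trust policy lets assume the role. The s3 policy and its bucket name are constructed placeholders, and the trust-policy rules encoded here are the documented IAM ones as I understand them, not output from the AWS API.

```python
"""Pre-flight checks for IAM role trust policies vs. permissions policies.

Added example (not from the original page). Runs offline on parsed JSON
documents; nothing here calls AWS.
"""
import json
from typing import Any, Dict, List

# Constructed example: the trust policy from the question, parsed.
EC2_TRUST_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# Constructed example of what belongs in the role's *permissions* policy.
# "example-app-bucket" is a placeholder, not a bucket from the page.
S3_READ_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-app-bucket",
                "arn:aws:s3:::example-app-bucket/*",
            ],
        }
    ],
}


def _as_list(value: Any) -> List[Any]:
    """IAM lets most elements be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal: Any) -> bool:
    """True for "*" or {"AWS": "*"}, which would let any AWS account assume the role."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def lint_policy(policy: Dict[str, Any], kind: str) -> List[str]:
    """Return findings for a document about to be used as a trust policy
    (kind="trust") or an identity-based permissions policy (kind="permissions").
    An empty list means the document matches the rules for that kind."""
    if kind not in ("trust", "permissions"):
        raise ValueError("kind must be 'trust' or 'permissions'")
    findings: List[str] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        has_principal = "Principal" in stmt or "NotPrincipal" in stmt
        actions = _as_list(stmt.get("Action"))
        if kind == "permissions":
            if has_principal:
                findings.append(f"statement {i}: Has prohibited field Principal "
                                "(Principal belongs in the trust policy)")
            if "Resource" not in stmt and "NotResource" not in stmt:
                findings.append(f"statement {i}: permissions statement needs Resource")
        else:
            if not has_principal:
                findings.append(f"statement {i}: trust policy statement needs a Principal")
            if not actions or not all(a.startswith("sts:") for a in actions):
                findings.append(f"statement {i}: trust policy actions must be sts:* "
                                f"(got {actions})")
            if "Resource" in stmt:
                findings.append(f"statement {i}: Resource is not used in a trust policy "
                                "(the role itself is the resource)")
            if stmt.get("Effect") == "Allow" and _is_wildcard_principal(stmt.get("Principal")):
                findings.append(f"statement {i}: wildcard Principal lets any AWS account "
                                "assume this role")
    return findings


def trusted_services(policy: Dict[str, Any]) -> List[str]:
    """Service principals an Allow statement lets assume the role, so a reviewer
    can confirm only the services that really need it (here, only EC2) are listed."""
    services = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            services.update(_as_list(principal.get("Service")))
    return sorted(services)


if __name__ == "__main__":
    print("as trust policy:      ", lint_policy(EC2_TRUST_POLICY, "trust"))
    print("as permissions policy:", lint_policy(EC2_TRUST_POLICY, "permissions"))
    print("trusted services:     ", trusted_services(EC2_TRUST_POLICY))
    print(json.dumps(S3_READ_POLICY, indent=2))
```

Run `lint_policy(doc, "permissions")` on anything bound for `put-role-policy` / `create-policy` and `lint_policy(doc, "trust")` on anything bound for `create-role --assume-role-policy-document` or `update-assume-role-policy`; the first call on the question's document reproduces the "Has prohibited field Principal" finding. `trusted_services` is the least-privilege check: a trust policy that lists both ec2.amazonaws.com and lambda.amazonaws.com lets either service assume the role, so keep only the services that actually need to.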