 

S3 Invalid Resource in bucket policy

Tags:

amazon-s3

I'm trying to make my entire S3 bucket public, but when I try to add the policy:

{
  "Id": "Policy1454540872039",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1454540868094",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::sneakysnap/*",
      "Principal": {
        "AWS": [
          "985506495298"
        ]
      }
    }
  ]
}

It tells me that my "Resource is invalid", but that is definitely the right arn and that is definitely the right bucket name. Anyone know what's going on?

Isaac Wasserman asked Feb 03 '16 23:02



2 Answers

I had this "problem" when I was trying to set a policy on the wrong bucket. That is, my arn in the policy was reading arn:aws:s3:::my-bucket-A/* but I was attempting to set it on my-bucket-B

vitaly answered Sep 26 '22 06:09


I solved the problem with this:

arn:aws:s3:::your-bucket-name-here/*


iamsohel answered Sep 24 '22 06:09
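
Both answers come down to the same rule: the Resource ARN has to name the bucket the policy is being attached to. The following is an added example, not code from the question or either answer: a small Python check that compares each Resource ARN with the target bucket and also reports whether an Allow statement is actually public (the policy in the question names one account as Principal rather than `*`). The function names are hypothetical, and the bucket comparison is an exact string match that does not expand wildcards.

```python
import json

ARN_PREFIX = "arn:aws:s3:::"

def as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [value]

def resource_bucket(arn):
    """Bucket name inside an S3 ARN, or None if this is not an S3 ARN."""
    if not arn.startswith(ARN_PREFIX):
        return None
    return arn[len(ARN_PREFIX):].split("/", 1)[0]

def is_public(principal):
    """True when the Principal is the wildcard, i.e. anyone."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def check_policy(policy, target_bucket):
    """Findings for a policy about to be attached to target_bucket."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        sid = stmt.get("Sid", "<no Sid>")
        for arn in as_list(stmt.get("Resource", [])):
            bucket = resource_bucket(arn)
            if bucket is None:
                findings.append(f"{sid}: {arn} is not an S3 ARN")
            elif bucket != target_bucket:
                findings.append(f"{sid}: Resource names bucket {bucket}, "
                                f"not {target_bucket}")
        if stmt.get("Effect") == "Allow" and is_public(stmt.get("Principal")):
            findings.append(f"{sid}: Allow is open to everyone")
    return findings

# The policy from the question, reproduced unchanged.
QUESTION_POLICY = json.loads("""{
  "Id": "Policy1454540872039", "Version": "2012-10-17",
  "Statement": [{
    "Sid": "Stmt1454540868094", "Action": ["s3:GetObject"], "Effect": "Allow",
    "Resource": "arn:aws:s3:::sneakysnap/*",
    "Principal": {"AWS": ["985506495298"]}
  }]
}""")

if __name__ == "__main__":
    for bucket in ("sneakysnap", "my-bucket-B"):  # second name is from the first answer
        print(bucket, check_policy(QUESTION_POLICY, bucket))
```

An empty list for `sneakysnap` means the Resource matches the bucket and the statement is not a public grant; running the same policy against any other bucket name reports the mismatch described in the first answer.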