Error while creating resource based policy

Time:10-12

Trying to create a resource-based policy and specifying a group as principal, but it is failing:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<acc_number>:group/dev-group"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<bucket>/text.txt"
        }
    ]
}

It fails with error:

[screenshot of the error message]

CodePudding user response:

This is not possible, per AWS documentation.

You can specify any of the following principals in a policy:

  • AWS account and root user
  • IAM users
  • Federated users (using web identity or SAML federation)
  • IAM roles
  • Assumed-role sessions
  • AWS services
  • Anonymous users (not recommended)

JSON policy documentation

AWS support forum
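A local pre-deployment check for the restriction described in the answer above. This is an added example, not code from the post or from AWS: it lints only the `Principal.AWS` values of a policy document against the principal types the answer lists, and the role name `dev-role` is a hypothetical stand-in for whatever role the group's members would assume.

```python
import json
import re

# Principal.AWS resource types from the list in the answer above.
ALLOWED = {("iam", "root"): "account root", ("iam", "user"): "IAM user",
           ("iam", "role"): "IAM role", ("sts", "assumed-role"): "role session",
           ("sts", "federated-user"): "federated user"}
# Account field also accepts <placeholder> so the page's policy lints verbatim.
ARN_RE = re.compile(r"^arn:aws[\w-]*:(iam|sts)::(?:\d{12}|<[^>]+>):([\w-]+)(?:/.+)?$")

def classify(value):
    """Return (ok, reason) for one value under Principal.AWS."""
    if value == "*" or re.fullmatch(r"\d{12}", value):
        return True, "wildcard or account ID"
    m = ARN_RE.match(value)
    if not m:
        return False, "not an IAM/STS principal ARN"
    if m.groups() == ("iam", "group"):
        return False, "IAM groups cannot be principals"
    kind = ALLOWED.get(m.groups())
    return (True, kind) if kind else (False, "unsupported type " + m.group(2))

def lint_policy(policy_json):
    """Return [(statement_index, value, reason)] for rejected principals."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):      # single statement given as an object
        statements = [statements]
    for i, stmt in enumerate(statements):
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):   # "Principal": "*"
            continue
        values = principal.get("AWS", [])
        for v in [values] if isinstance(values, str) else values:
            ok, reason = classify(v)
            if not ok:
                findings.append((i, v, reason))
    return findings

# The policy from the question, and a constructed variant naming a role
# ("dev-role" is a hypothetical name, not from the page).
QUESTION_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::<acc_number>:group/dev-group"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::<bucket>/text.txt"}]})
ROLE_POLICY = QUESTION_POLICY.replace("group/dev-group", "role/dev-role")

if __name__ == "__main__":
    for name, doc in (("question", QUESTION_POLICY), ("role", ROLE_POLICY)):
        print(name, lint_policy(doc) or "ok")
```

The check is purely syntactic; it does not confirm that the named user or role exists in the account.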
