how to add an inline policy to allow s3:ListBucket for a certain User-CodePudding

I'm trying to add this as an inline policy, with arn for user (principle) and arn for bucket (resource).


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::00000000:user/name"
            },
            "Action": ”s3:ListBucket”
            "Resource": "arn:aws:s3:::bucket name"
        }
    ]
}

error: Unsupported Principal: The policy type IDENTITY_POLICY does not support the Principal element. Remove the Principal element

tried adding this snippet as an inline policy but I have to find another way due to error Unsupported Principal: The policy type IDENTITY_POLICY does not support the Principal element. Remove the Principal element

CodePudding user response：

Just remove the principal element.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ”s3:ListBucket”
            "Resource": "arn:aws:s3:::bucket name"
        }
    ]
}

CodePudding user response：

This should be working for you, just replace the user with correct AWS user.

{
  "Id": "Policy1673568063233",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1673568062150",
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::bucket name",
      "Principal": {
        "AWS": [
          "arn:aws:iam::00000000:user/name"
        ]
      }
    }
  ]
}

AWS policy generator is always a great place for dealing with policy generation

https://awspolicygen.s3.amazonaws.com/policygen.html