Vikas Satpute
Reputation: 174
This policy contains the following error: Has prohibited field Principal
I am allowing action from only specified range of ip address and denies aceess for rest ip's.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::510680944440:user/wu-core-dev-auto-start-stop-lambda-invoke"
},
"Action": "sts:AssumeRole",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"10.38.6.123/24"
]
}
}
}]
}
Upvotes: 1
Views: 5041
Answers (1)
marcincuber
Reputation: 3791
So, from the official AWS docs we know the following;
Use the Principal element to specify the IAM user, federated user, IAM role, AWS account, AWS service, or other principal entity that is allowed or denied access to a resource. You cannot use the Principal element in an IAM identity-based policy. You can use it in the trust policies for IAM roles and in resource-based policies. Resource-based policies are policies that you embed directly in an IAM resource.
Assuming that answers your question, my proposed solution would be simple;
- Remove Principal block from your policy
- Add "Resource": "arn:aws:iam::510680944440:user/wu-core-dev-auto-start-stop-lambda-invoke"
More on principals -> AWS docs
Upvotes: 1
Related Questions
- policy contains an invalid JSON POLICY
- Invalid principal in policy: MalformedPolicyDocument
- Aws json policy - Error: Parse error on line 10
- Data Type Mismatch and Policies must be valid JSON and the first byte must be '{'
- An error occurred: Policy document should not specify a principal
- MalformedPolicyDocumentException while creating IAM policy using Boto
- Getting an error for the below IAM policy "This policy contains the following error: Missing required field Effect "
- AWS: This policy contains the following JSON error: Unexpected token } in JSON at position 228
- Getting error: "Has prohibited field Principal", when creating policy
- MalformedPolicyDocument error while creating an IAM Policy