Amit Meena
Reputation: 4454
Error while creating resource based policy
Trying to create a resource-based policy and specifying a group as principal but it is failing,
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<acc_number>:group/dev-group"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<bucket>/text.txt"
}
]
}
It fails with error:
Upvotes: 0
Views: 380
Answers (1)
Caldazar
Reputation: 3812
This is not possible, per AWS documentation.
You can specify any of the following principals in a policy:
- AWS account and root user
- IAM users
- Federated users (using web identity or SAML federation)
- IAM roles
- Assumed-role sessions
- AWS services
- Anonymous users (not recommended)
Upvotes: 1
Related Questions
- EC2 IAM Policy not working with ResourceTag
- User is not authorized to perform: iam:CreatePolicy on resource: policy AWSLambdaBasicExecutionRole?
- An error occurred: Policy document should not specify a principal
- A PolicyStatement used in an identity-based policy cannot specify any IAM principals error
- Getting error while creating the policy IAM resource path must either be
- IamRoleLambdaExecution - Syntax errors in policy
- Getting an error for the below IAM policy "This policy contains the following error: Missing required field Effect "
- IAM Policy with `aws:ResourceTag` not supported
- AWS-IAM policy on access key giving error message
- AWS malformed policy error