Error Invalid principal in policy?

时间:2017-08-23 03:34:05

标签: amazon-web-services amazon-s3 amazon-cloudfront

This is my bucket policy.i am getting Error Invalid principal in policy error in the below policy. why it is coming whats wrong with the policy?

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity AJDNXHS78E5DD4DF41FD5"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my_bucket/*"
        }
    ]
}

2 个答案:

答案 0 :(得分:1)

我遇到了同样的问题,最后发现我使用了错误的访问身份字符串, 您可以从 Cloud 前端部分的原始访问身份选项卡中获取正确的身份

您也可以使用 CanonicalUser 作为选项。

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

答案 1 :(得分:0)

此“arn:aws:iam :: cloudfront:user / CloudFront Origin Access Identity AJDNXHS78E5DD4DF41FD5”不是有效的ARN,例如对于IAM用户,格式应为“arn:aws:iam :: account-id:user / user-name”,不确定为什么使用cloudfront而不是帐号。看起来您正在尝试授予cloudfron源身份,请使用此处提到的示例策略: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

相关问题
最新问题