amazon s3 invalid principal in bucket policy

I was also getting the same error in the S3 Bucket policy generator. It turned out that one of the existing policies had a principal that had been deleted. The problem was not with the policy that was being added.

In this instance, to spot the policy that is bad you can look for a principal that does not have an account or a role in the ARN.

So, instead of looking like this:

"Principal": {
    "AWS": "arn:aws:iam::123456789101:role/MyCoolRole"
}

It will look something like this:

"Principal": {
    "AWS": "ABCDEFGHIJKLMNOP"
}

So instead of a proper ARN it will be an alphanumeric key like ABCDEFGHIJKLMNOP. In this case you will want to identify why the bad principal was there and most likely modify or delete it. Hopefully this will help someone as it was hard to track down for me and I didn't find any documentation to indicate this.


As the error message says, your principal is incorrect. Check the S3 documentation on specifying Principals for how to fix it. As seen in the example policies, it needs to be something like arn:aws:iam::111122223333:root.
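The check both answers describe, as an added example that is not code from either answer: walk every statement in a bucket policy, accept only the principal forms AWS documents for the "AWS" key (the `*` wildcard, a bare 12-digit account ID, or an IAM/STS ARN such as `arn:aws:iam::111122223333:root`), and flag anything else. The bare upper-case string left behind when the IAM user or role behind an ARN is deleted gets a specific hint; that pattern (`LOOKS_LIKE_UNIQUE_ID`) is a heuristic of this example, not an AWS rule. The sample policy is constructed for the example and mirrors the two shapes shown in the first answer.

```python
import json
import re

# Constructed sample bucket policy (not from the original post): one statement with
# a proper role ARN and one whose second principal has collapsed to a bare ID.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "GoodRole",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789101:role/MyCoolRole"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "Orphaned",
            "Effect": "Allow",
            "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "ABCDEFGHIJKLMNOP"]},
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::example-bucket",
        },
    ],
})

# Forms AWS accepts under the "AWS" principal key: wildcard, bare account ID,
# IAM root/user/role ARN, or an STS assumed-role ARN (any aws* partition).
VALID_AWS_PRINCIPAL = re.compile(
    r"^(\*"
    r"|\d{12}"
    r"|arn:aws[a-z-]*:iam::\d{12}:(root|user/.+|role/.+)"
    r"|arn:aws[a-z-]*:sts::\d{12}:assumed-role/.+)$"
)

# Heuristic (assumption of this example): a bare run of upper-case letters and digits
# with no colon or slash is what remains when the user/role an ARN pointed at was deleted.
LOOKS_LIKE_UNIQUE_ID = re.compile(r"^[A-Z0-9]{12,}$")


def _as_list(value):
    """Policy fields may be a single string/dict or a list of them; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_bad_principals(policy_json):
    """Return (sid, principal, reason) for every "AWS" principal that is not a valid form."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        sid = stmt.get("Sid", "statement[%d]" % index)
        principal = stmt.get("Principal", stmt.get("NotPrincipal"))
        if principal is None or principal == "*":
            continue  # no principal, or the anonymous wildcard, is a valid form
        for value in _as_list(principal.get("AWS", [])):
            if VALID_AWS_PRINCIPAL.match(value):
                continue
            if LOOKS_LIKE_UNIQUE_ID.match(value):
                reason = "unique ID, not an ARN: the IAM user/role was probably deleted"
            else:
                reason = "not a recognised principal form"
            findings.append((sid, value, reason))
    return findings


if __name__ == "__main__":
    # Run against the output of: aws s3api get-bucket-policy --bucket <name> --query Policy --output text
    for sid, value, reason in find_bad_principals(SAMPLE_POLICY):
        print("%s: %r (%s)" % (sid, value, reason))
```

Feed it the policy string returned by `aws s3api get-bucket-policy` and fix or remove the statements it reports; the one flagged as a unique ID is the orphaned principal the first answer describes, and the policy generator will keep rejecting the whole document until it is gone.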