How do I resolve the "Has prohibited field Principal" error that I receive when I create or update an IAM policy?
I want to resolve the "Has prohibited field Principal" error that I receive when I create or update my AWS Identity and Access Management (IAM) policy.
Resolution
If your IAM identity-based policy includes the Principal element, then you receive the "Has prohibited field Principal" error. You can use the Principal element only in resource-based policies to control the IAM identity that's allowed to access the resource. You don't need to use the Principal element in an identity-based policy because you attach the policy to IAM identities.
Make sure that you create your resource-based policy in the AWS service that's associated with your resource. To check whether an AWS service uses resource-based policies, see AWS services that work with IAM.
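As an added example (not part of the original article), the following pre-flight check flags the Principal element in a policy document before you submit it as an identity-based policy. The sample policy, account ID, user name, bucket name, and function names are constructed for illustration, and treating NotPrincipal the same way as Principal is an assumption of this example.

```python
import copy
import json

# Elements checked here. The article names Principal; NotPrincipal is included
# on the assumption that IAM rejects it in identity-based policies as well.
RESOURCE_ONLY = ("Principal", "NotPrincipal")

# Constructed sample: a statement written in resource-based style.
SAMPLE = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "ReadBucket",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/example-user"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
  }]
}
""")

def _statements(policy):
    # IAM accepts Statement as a single object or as a list of objects.
    stmts = policy.get("Statement", [])
    return [stmts] if isinstance(stmts, dict) else list(stmts)

def find_prohibited(policy):
    """Return (index, Sid, element) for each element not valid in an identity-based policy."""
    return [(i, stmt.get("Sid", ""), key)
            for i, stmt in enumerate(_statements(policy))
            for key in RESOURCE_ONLY if key in stmt]

def as_identity_policy(policy):
    """Return a copy without the flagged elements; the input is left unchanged.

    The result applies to whichever IAM identity it is attached to, so attach it
    only to the identity that the removed Principal was meant to name.
    """
    cleaned = copy.deepcopy(policy)
    for stmt in _statements(cleaned):
        for key in RESOURCE_ONLY:
            stmt.pop(key, None)
    return cleaned

if __name__ == "__main__":
    for index, sid, key in find_prohibited(SAMPLE):
        print(f"Statement[{index}] (Sid={sid!r}) has prohibited field {key}")
    print(json.dumps(as_identity_policy(SAMPLE), indent=2))
```

If the Principal was intentional, keep the original document and create it as a resource-based policy in the service that owns the resource instead of removing the element.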