1 Answer
- Newest
- Most votes
- Most comments
0
Hello, Please use the sample policy below. Using the AROAEXAMPLEID that you just retrieved via the AWS CLI
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucketname/*",
"Condition": {
"StringLike": {
"aws:userId": "AIDAEXAMPLEID"
}
}
},
{
"Sid": "AllowCloudFrontServicePrincipal",
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*",
"Condition": {
"StringEquals": {
"AWS:SourceArn": "arn:aws:cloudfront::1234567890:distribution/asdf"
}
}
}
]
}
=====================================
Run the command: aws iam get-user -–user-name USER-NAME In the output, look for the userId string, which will begin with AIDAEXAMPLEID.
If you are still facing issues, we need to check on Encryption, IAM user permissions and other factors mentioned in the article.
Relevant content
- Accepted Answerasked a year ago
- asked 9 months ago
- Accepted Answerasked 2 years ago
- asked 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 2 months ago