1 Answer
- Newest
- Most votes
- Most comments
0
Hello, Please use the sample policy below. Using the AROAEXAMPLEID that you just retrieved via the AWS CLI
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucketname/*",
"Condition": {
"StringLike": {
"aws:userId": "AIDAEXAMPLEID"
}
}
},
{
"Sid": "AllowCloudFrontServicePrincipal",
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*",
"Condition": {
"StringEquals": {
"AWS:SourceArn": "arn:aws:cloudfront::1234567890:distribution/asdf"
}
}
}
]
}
=====================================
Run the command: aws iam get-user -–user-name USER-NAME In the output, look for the userId string, which will begin with AIDAEXAMPLEID.
If you are still facing issues, we need to check on Encryption, IAM user permissions and other factors mentioned in the article.
Relevant content
- Accepted Answerasked 3 years ago
- asked a year ago
- asked 9 months ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago