S3 Bucket Policy Doesn't Work Due to API Response Error
Hi!
I'm following AWS Technical Essentials - 1.1.1 Module 4's Demonstration: Creating an Amazon S3 Bucket. I want to make an S3 bucket as the lecturer, Seph, shows in the video, however, I can't save due to the error stating there's an API response error. Even after adding my information to Principal and Resource, S3 policy didn't work.
Code Chunk used
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowS3ReadAccess", "Principal": { "AWS": "arn:aws:iam::398113668163:role/S3DynamoDBFullAccessRole" }, "Effect": "Allow", "Action": "s3:", "Resource": [ "arn:aws:s3:::employee-web-app-photo-bucket-sr-001", "arn:aws:s3:::employee-web-app-photo-bucket-sr-001/" ] } ] }
Error shown
Unknown Error An unexpected error occurred. API response Invalid principal in policy
For the JSON code that the lecturer used in the demonstration, please find the attached screenshot.
What can I do to solve this issue?
Thank you so much in advance!
- Newest
- Most votes
- Most comments
Can you provide a detailed description of the error?
I would like to see a description of the policy used as well since I can't see the images well.
Hi there,
Hi there,
When I typed the code chunk below, the below error message came back.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowS3ReadAccess", "Principal": { "AWS": "arn:aws:iam::398113668163:role/S3DynamoDBFullAccessRole" }, "Effect": "Allow", "Action": "s3:", "Resource": [ "arn:aws:s3:::employee-web-app-photo-bucket-sr-001", "arn:aws:s3:::employee-web-app-photo-bucket-sr-001/" ] } ] }
Unknown Error An unexpected error occurred. API response Invalid principal in policy
The action is "s3:", but this will result in an error. The following is an error if you do not describe the S3 operation required for the action. It also appears from the errors that there is a problem with the "Principal". Make sure this "arn:aws:iam::398113668163:role/S3DynamoDBFullAccessRole" exists in your AWS account. An error will occur if you do not have an IAM role. Also, please make sure that the S3 ARN listed in the resource is also changed to yours, or you will get an error.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowS3ReadAccess", "Principal": { "AWS": "arn:aws:iam::398113668163:role/S3DynamoDBFullAccessRole" }, "Effect": "Allow", "Action": "s3:Get*", "Resource": [ "arn:aws:s3:::employee-web-app-photo-bucket-sr-001", "arn:aws:s3:::employee-web-app-photo-bucket-sr-001/*" ] } ] }
Hi Riku_Kobayashi,
Thank you SO MUCH for sharing tips here! I apologize for such a delayed response... I was locked out and unable to log in to my account.
I'll try what you recommended above. Thanks very much again. Ryo
Relevant content
- asked 6 months ago
- asked 10 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago
Hi Ryo, could you please share the full error (API response error)?
Hi there,
When I typed the code chunk below, the below error message came back.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowS3ReadAccess", "Principal": { "AWS": "arn:aws:iam::398113668163:role/S3DynamoDBFullAccessRole" }, "Effect": "Allow", "Action": "s3:", "Resource": [ "arn:aws:s3:::employee-web-app-photo-bucket-sr-001", "arn:aws:s3:::employee-web-app-photo-bucket-sr-001/" ] } ] }
Unknown Error An unexpected error occurred. API response Invalid principal in policy