aws-samples / aws-modern-application-workshop

A tutorial for developers that want to learn about how to build modern applications on top of AWS. You will build a sample website that leverages infrastructure as code, containers, serverless code functions, CI/CD, and more.
Apache License 2.0

Invalid principal in policy #262

Closed dsclambton closed 3 years ago

dsclambton commented 3 years ago

I am trying to update the bucket policy, but I am getting the invalid principal output even though I am following the same format in the AWS doc.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket/*",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <MY-OAI-ID>"
            }
        }
    ]
}

dsclambton commented 3 years ago

Fixed the issue. I used the CloudFront Distribution ID, as its format is pretty similar to the OAI identity. I grabbed the CloudFront OAI from Origin Access Identity under the Origins and Origin Groups section.
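
Because the two IDs look alike, the mix-up described in this thread can be caught before the policy is submitted. The following is an added example, not part of the original issue or the workshop's code: it reads the OAI ID from the distribution's S3 origin and refuses to build the policy from the distribution ID. The function names `oai_ids` and `bucket_policy` are hypothetical, and the sample data and both IDs are constructed in the shape of `aws cloudfront get-distribution` output.

```python
OAI_PATH_PREFIX = "origin-access-identity/cloudfront/"
PRINCIPAL_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

# Constructed sample, trimmed to the fields read below, in the shape returned by
# `aws cloudfront get-distribution --id <distribution-id>`. Both IDs are made up.
SAMPLE_DISTRIBUTION = {
    "Distribution": {
        "Id": "EDISTEXAMPLE01",
        "DistributionConfig": {"Origins": {"Quantity": 1, "Items": [{
            "Id": "S3-my-bucket",
            "DomainName": "my-bucket.s3.amazonaws.com",
            "S3OriginConfig": {
                "OriginAccessIdentity": OAI_PATH_PREFIX + "EOAIEXAMPLE001"},
        }]}},
    }
}


def oai_ids(distribution):
    """Return the OAI IDs referenced by the distribution's S3 origins."""
    origins = distribution["Distribution"]["DistributionConfig"]["Origins"]
    ids = []
    for origin in origins.get("Items", []):
        # Custom (non-S3) origins have no S3OriginConfig; S3 origins without
        # an OAI carry an empty string here.
        ref = origin.get("S3OriginConfig", {}).get("OriginAccessIdentity", "")
        if ref.startswith(OAI_PATH_PREFIX):
            ids.append(ref[len(OAI_PATH_PREFIX):])
    return ids


def bucket_policy(bucket, candidate_id, distribution):
    """Build the read-only bucket policy, refusing IDs that are not the OAI."""
    if candidate_id == distribution["Distribution"]["Id"]:
        raise ValueError(f"{candidate_id} is the distribution ID, not an OAI ID")
    if candidate_id not in oai_ids(distribution):
        raise ValueError(f"{candidate_id} is not an OAI used by this distribution")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Principal": {"AWS": PRINCIPAL_PREFIX + candidate_id},
        }],
    }
```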