Invalid principal in policy
dsclambton opened this issue · 1 comments
dsclambton commented
I am trying to update the bucket policy, but I am getting the invalid principal output even though I am following the same format in AWS doc.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <MY-OAI-ID>"
}
}
]
}
dsclambton commented
Fixed the issue. I used CloudFront Distribution ID as its format is pretty similar to OAI identity. I grabbed the Cloudfront OAI from Origin Access Identity under the Origins and Origin Groups section