What does 'Principal' mean in an S3 policy and how should it be configured?

Question

Grade: Education Subject: Support
What does 'Principal' mean in an S3 policy and how should it be configured?
Asked by:
75 Viewed 75 Answers

Answer (75)

Best Answer
(358)
In an S3 policy, the 'Principal' element specifies *who* is granted access. It can be an AWS account ID, an IAM user ARN, an IAM role ARN, or a canonical user ID. Correct configuration is crucial. For example, to allow a specific IAM user access, the Principal should be the ARN of that user. To allow access from any AWS account, the Principal can be `*`.