S3 with Terraform - Problem with policy

Hi guys,
First of all, I want to say that this course is amazing.
So I have completed several videos and labs without problems so far.
However, in the section Terraform with AWS, specifically the video called S3 with Terraform, I found a problem when I was trying to create the policy and assign it to the group which is used as a data source (I've replicated the same examples shown in the video with my own AWS account).

In the video we have the next piece of code:

I tried to replicate the same code above, but I always got an error:

Error: Error putting S3 policy: MalformedPolicy: Invalid principal in policy

I tried again with hardcoded values, getting the same error. I could understand that the error was localized in the Principal section of the policy. Therefore, I searched for information on Google (my friend) and I found that the Principal section doesn't support groups.
You can see more about what specifically is supported by Principal in the link below:

Before, I also tried to attach the policy directly in the AWS console. Despite that, I got the same error.

So, I attached a user to the policy instead of a group and this worked correctly (users are supported by Principal). I used the next code:

image

Finally, I still have a doubt, because the video shows how to attach a policy to the group. Please @Ayman, could you explain how you achieved this?

Regards

1 Like

Hi @mcortes, after a little research I reached the same conclusion, that only users/roles are valid values for the S3 Bucket Policy Principal.
Even here no Principal group example is provided.
Any help @Ayman?

1 Like
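
One way to cover both cases discussed in this thread, as an added example that is not the course's code or either poster's: the bucket policy names a user as Principal, and the group gets its access through an identity-based policy attached to the group, which has no Principal element. The bucket, user and group names are placeholders, the user and group are assumed to already exist in the same account as the bucket, and the AWS provider is assumed to be configured elsewhere.

```hcl
# Added example: all names below are placeholders, not values from the course.
variable "bucket_name" { default = "example-bucket-placeholder" }
variable "user_name" { default = "example-user" }
variable "group_name" { default = "example-group" }

resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
}

data "aws_iam_user" "reader" {
  user_name = var.user_name
}

data "aws_iam_group" "readers" {
  group_name = var.group_name
}

# Resource-based policy on the bucket. Principal takes a user or role ARN;
# a group ARN here is rejected with "MalformedPolicy: Invalid principal in policy".
resource "aws_s3_bucket_policy" "user_access" {
  bucket = aws_s3_bucket.this.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "AllowNamedUserRead"
      Effect    = "Allow"
      Principal = { AWS = data.aws_iam_user.reader.arn }
      Action    = ["s3:GetObject"]
      Resource  = "${aws_s3_bucket.this.arn}/*"
    }]
  })
}

# Identity-based policy attached to the group. It has no Principal element:
# the group's members are implicitly the principals it applies to.
resource "aws_iam_group_policy" "group_access" {
  name  = "s3-read-${var.bucket_name}"
  group = data.aws_iam_group.readers.group_name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid      = "AllowGroupRead"
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:ListBucket"]
      Resource = [aws_s3_bucket.this.arn, "${aws_s3_bucket.this.arn}/*"]
    }]
  })
}
```

The actions are scoped to read-only on the one bucket; widen them only to what the group actually needs.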