AWS IAM policy: "Has prohibited field Principal"

I am trying to create an IAM role and assign it to an EC2 instance as described in "Attaching an AWS IAM Role to an Existing Amazon EC2 Instance Using the AWS CLI".

The policy is as follows:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

But it gives this error:

    This policy contains the following error: Has prohibited field Principal

There is a similar question here, but it did not solve the problem.

Any help would be appreciated.

+11

2 answers


The easiest way to create a service role is:

  • Go to the IAM console
  • Click Roles
  • Create a new role
  • Select the Amazon EC2 service
  • Then add your policies.


It will create the trust policy for you.

Note that the trust policy is stored separately from the actual policy (the part that assigns the permissions). Based on the error message, it seems that you are putting the trust policy in the normal policy's place; regular role policies do not take a principal (trust policies do).

+9

Faced the same issue while trying to update the "Trust", also known as the "Trust Policy". The "Principal" comes into play only in the "Trust Policy". You might be mistakenly updating the regular policy under the Permissions tab. Try updating the policy in the Trust relationships tab as shown below:



    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ec2.amazonaws.com",
              "lambda.amazonaws.com"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
0
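Both answers make the same point: a document with a Principal is a trust (assume-role) policy and belongs in the role's trust relationships, while a permissions policy has Resource but no Principal. The following checker, added here as an example and not code from either answerer or from AWS, classifies a policy document before it is submitted and reports the placement mistake from the question, plus two things a reviewer would want flagged in a trust policy: a non-sts:AssumeRole action and a wildcard "*" principal. The sample documents are constructed; the question's and second answer's policies are reproduced as inputs. Nothing here calls the AWS API (the CLI subcommands named in comments are only mentioned).

```python
"""Tell IAM trust policies apart from identity (permissions) policies.

Constructed example for this thread. `check_placement` reports why a
document would be rejected (or is risky) at the place you intend to
submit it:
  target="trust"    -> `aws iam create-role --assume-role-policy-document`
                       or `aws iam update-assume-role-policy`
  target="identity" -> `aws iam put-role-policy` / `aws iam create-policy`
"""
import json

# Actions a trust-policy statement is expected to grant (assumed list).
ASSUME_ROLE_ACTIONS = {
    "sts:AssumeRole",
    "sts:AssumeRoleWithSAML",
    "sts:AssumeRoleWithWebIdentity",
    "sts:TagSession",
    "sts:SetSourceIdentity",
}


def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def classify_policy(doc):
    """Return 'trust' if any statement names a Principal/NotPrincipal, else 'identity'."""
    statements = _as_list(doc.get("Statement"))
    if any("Principal" in s or "NotPrincipal" in s for s in statements):
        return "trust"
    return "identity"


def check_placement(doc, target):
    """Return a list of problems with submitting `doc` as a `target` policy (empty = fine)."""
    problems = []
    kind = classify_policy(doc)
    statements = _as_list(doc.get("Statement"))

    if target == "identity":
        if kind == "trust":
            # This is the exact situation in the question: a trust policy pasted
            # where IAM expects a permissions policy.
            problems.append("Has prohibited field Principal: this is a trust policy; "
                            "submit it as the role's assume-role policy document instead")
        for s in statements:
            if "Resource" not in s and "NotResource" not in s:
                problems.append("Identity policy statement is missing Resource")

    elif target == "trust":
        if kind != "trust":
            problems.append("Trust policy must name a Principal")
        for s in statements:
            actions = set(_as_list(s.get("Action")))
            if not actions & ASSUME_ROLE_ACTIONS and "*" not in actions:
                problems.append(f"Trust statement action {sorted(actions)} "
                                "is not an sts:AssumeRole* action")
            if "Resource" in s:
                problems.append("Trust policy statements do not take a Resource")
            principal = s.get("Principal")
            aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
            if principal == "*" or "*" in aws_principals:
                problems.append("Trust policy allows any principal (*) to assume the role")
    else:
        raise ValueError(f"unknown target {target!r}")
    return problems


# The question's document (single EC2 service principal).
QUESTION_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"Service": "ec2.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]
}""")

# The second answer's document (two service principals).
ANSWER2_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"Service": ["ec2.amazonaws.com", "lambda.amazonaws.com"]},
                 "Action": "sts:AssumeRole"}]
}""")

# A constructed permissions policy of the kind that goes under the Permissions tab.
PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
}

# A constructed over-broad trust policy: anyone may assume the role.
WILDCARD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}],
}

if __name__ == "__main__":
    for name, doc, target in [("question as identity", QUESTION_POLICY, "identity"),
                              ("question as trust", QUESTION_POLICY, "trust"),
                              ("answer 2 as trust", ANSWER2_POLICY, "trust"),
                              ("wildcard trust", WILDCARD_TRUST_POLICY, "trust")]:
        print(f"{name}: {check_placement(doc, target) or 'ok'}")
```

Running the block prints the question's error for the first case and "ok" for the same document submitted as a trust policy, which is the whole fix: keep the document, change where it is attached.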
