Tags: amazon-web-services, amazon-s3, aws-lambda, policy

AWS invalid principal in bucket policy


I am writing a cfn template for an S3 bucket. I have defined the principal in the bucket policy as

 Principal:
    AWS:
      Fn::Join:
        - ''
        - - 'arn:aws:s3:::'
        - !Ref "AWS::AccountId"
        - ":root"

I want to make the principal the AWS account. This is giving me an invalid principal error. Please help.


Solution

  • For Fn::Join you need two levels of -, and also it should be iam:

     Principal:
        AWS:
          Fn::Join:
            - ''
            - - 'arn:aws:iam::'
              - !Ref "AWS::AccountId"
              - ":root"
    

    But it would be easier to use Sub:

     Principal:
        AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'
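The corrected principal in a complete, deployable template, added here as an example (it is not code from the question or the answer above). The logical resource names `DataBucket` and `DataBucketPolicy`, the statement IDs and the action list are made up for illustration; it also goes one step beyond the answer by using `${AWS::Partition}` instead of hard-coding `aws`, so the same template works in the GovCloud and China partitions:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  S3 bucket whose bucket policy names the owning account as principal.
  Added example; resource names and statement IDs are illustrative.

Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      # No BucketName: CloudFormation generates a globally unique one.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  DataBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DataBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Account principal ARN: arn:<partition>:iam::<account-id>:root
          # IAM is a global service, so the region field between the two
          # colons is empty. "arn:aws:s3:::" is the prefix of a *bucket*
          # ARN, not of a principal, which is what S3 rejects as
          # "Invalid principal".
          - Sid: AllowOwningAccount
            Effect: Allow
            Principal:
              AWS: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:root'
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:ListBucket
            Resource:
              - !GetAtt DataBucket.Arn
              - !Sub '${DataBucket.Arn}/*'
          # Refuse plaintext HTTP for every principal, including the
          # account granted above (an explicit Deny always wins).
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: '*'
            Action: 's3:*'
            Resource:
              - !GetAtt DataBucket.Arn
              - !Sub '${DataBucket.Arn}/*'
            Condition:
              Bool:
                aws:SecureTransport: 'false'
```

Two things to keep in mind when using the account root as principal. First, it names the whole account, not the root user: any IAM user or role in that account can use the grant, but only if its own identity-based policy also allows the action, because a resource policy that names an account delegates the decision to that account's IAM. Within the same account that makes the Allow statement largely redundant; the pattern earns its keep when `${AWS::AccountId}` is replaced by another account's ID for cross-account access. Second, the "Invalid principal" error is raised by S3 when the policy is put, so it appears during stack create or update, not from `aws cloudformation validate-template`, which only checks template syntax.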