amazon-web-services amazon-s3 amazon-iam aws-policies

S3 Bucket Policy to grant ListBucket permission to all users of a different AWS account

I have an Amazon S3 bucket in Account A.

I would like to grant ListBucket permission on this bucket to all users in Account B.

I tried to write an S3 Bucket Policy using a Principal of:

"Principal": {
    "AWS":"arn:aws:iam::<account_b>:user/*"
},

But I get an error:

Unknown Error
An unexpected error occurred.
API response
Invalid principal in policy

Is there a way that I can grant this permission?

Solution

When giving access to users in the other account, it's enough that you put just the account number as the principal:

"Principal": {
    "AWS":"<account_b_number>"
},

It is also required that users in account b have access to the bucket defined in their IAM policy.

Upload via presigned request - 403 forbidden for Unicode Filename
Best practices for developing scalable video transcoding server on Amazon Web Services?
Enable compression for AWS SQS Java API or how to tell if it's already on?
Getting no basic auth credential from AWS ECR when pulling image
How to load npm modules in AWS Lambda?
Amazon EFS vs S3: Which is better for appending small chunks of data to large files?
Is there a way to delay DynamoDB stream emissions while nearly parallel data is upserted to a record?
Push docker image to amazon ecs repository
AWS SSM Agent - Using the aws cli, is there a way to list all the AWS instances that are missing the SSM agent?
CloudFormation is not authorized to perform: iam:PassRole on resource
S3 - Access-Control-Allow-Origin Header
How to run AWS codeartifact login and keep default registry
aws s3api restore-object permission error
AWS Amplify Functions allow.resource() not working
Is it possible to enrich a message on an sqs queue
Does EKS Auto Mode use AWS Load Balancer Controller?
kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster
AWS Elasticache -- How to flush node from console?
How to parameterize prevent_destroy lifecycle configuration in Terraform?
RDS instance start: which subnet/AZ is selected?
Connection refused error (127.0.0.1:4566) for Localstack S3
Problem with file directory link in amazon s3
Can I use aws-advanced-jdbc-wrapper with MySQL?
Creating Lambda Snapstart with Typescript CDK
How to force SQL Server container to immediately update MDF file in Docker volume?
AWS Cloudwatch agent config file removed after startup
AWS lambda SQS does not allow to process 1 message per 1 invocation
How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
Cloudfront redirect when signed cookies not present
AWS Lambda and DynamoDB - updatetItem is not a function