amazon-web-services amazon-s3 amazon-iam aws-policies

S3 Bucket Policy to grant ListBucket permission to all users of a different AWS account

I have an Amazon S3 bucket in Account A.

I would like to grant ListBucket permission on this bucket to all users in Account B.

I tried to write an S3 Bucket Policy using a Principal of:

"Principal": {
    "AWS":"arn:aws:iam::<account_b>:user/*"
},

But I get an error:

Unknown Error
An unexpected error occurred.
API response
Invalid principal in policy

Is there a way that I can grant this permission?

Solution

When giving access to users in the other account, it's enough that you put just the account number as the principal:

"Principal": {
    "AWS":"<account_b_number>"
},

It is also required that users in account b have access to the bucket defined in their IAM policy.

How to pull every single image (tag or untagged) from AWS ECR?
In CloudFormation how can I link RDS and Secrets Manager so I don't have to hardcode the password?
How to install postgresql-client to Amazon EC2 Linux machine?
PyCharm: Why "Python Console" is not accessing ~\.aws\credentials file? How to set it within "Python Console"
Is it possible to run aws s3 sync with boto3?
Python 3 asyncio with aioboto3 seems sequential
Serverless / AWS Lambda - Create the triggers for the published lambda versions
AWS Glue missing permissions
Invoking lambda from API gateway test, but hitting the endpoint does not invoke the lambda. 500 returned
terraform destroy needs original terraform code to destroy?
How to correctly/safely access parameters from AWS SSM Parameter store for my Python script on EC2 instance?
Why is my image not displaying on my Web page?
How to copy blobs from azure to aws using python?
S3 Bucket action doesn't apply to any resources
Couldn't proceed with upgrade process as new nodes are not joining node group standard-workers
How to customize "From" name for SNS emails
Changing the name of a Load Balancer on AWS Console
how to decrease the exceution time of aws lambda function nodejs
Timeout when trying to retrieve EC2 instance-id metadata from within it
Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
Downloading an entire S3 bucket?
Unable to unzip .zip file on linux machine
Missing Authentication Token while accessing API Gateway?
AWS S3 Access Denied when open object URL in browser
How to update a nested field in dynamodb via cli?
AWS Lambda NodeJs unable to return response
How can I access my AWS MSK managed kafka queue from my local machine and EC2 instances in other regions
How to recreate EC2 instances of an autoscaling group with terraform?
AWS Cloudwatch Alarm Issue
AWS EC2 | using Rusoto SDK: Couldn't find AWS credentials