Principal

This parameter specifies users on whom the bucket policy takes effect, including accounts and IAM users. Target users can be specified in either of the following ways:

  • Include: Specifies the user on whom the bucket policy statement takes effect.
  • Exclude: Specifies that the bucket policy statement takes effect on all users except the specified user.

Specifying IAM Users Under the Current Account

When specifying users under the current account, you can select multiple sub-users (IAM users).

Specifying Other Account

When the Principal is set to Other account, you can enter one or more account IDs. If you want to apply the bucket policy to IAM users under that account, enter their IAM user IDs.

An authorized user can go to the My Credentials page to obtain the account ID and IAM user IDs after login.

Specifying Anyone (Anonymous User)

To grant the bucket access permission to any user, set the Principal to Anonymous user.

Exercise caution when granting bucket access permissions to anonymous users. If you do, anyone can access your bucket, and the traffic and storage fees related to the bucket will be borne by the bucket owner. You are advised to set restrictions on access requests. For example, you can allow access requests from only one IP address.
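
The check below is an added example, not part of the original page or the service's own tooling. It audits an exported policy for Allow statements whose principal is Anonymous user or uses Exclude, and reports whether each one carries a source-IP restriction. The S3-style JSON field names (Statement, Effect, Principal, NotPrincipal, Condition, SourceIp), the function names and the sample policy are assumptions, since the page describes only the console options.

```python
import json

# Constructed sample policy. The S3-style field names and the mapping of
# Include -> Principal, Exclude -> NotPrincipal are assumptions.
SAMPLE_POLICY = json.loads("""
{"Statement": [
  {"Sid": "public-read", "Effect": "Allow", "Principal": "*",
   "Action": ["GetObject"], "Resource": ["example-bucket/*"]},
  {"Sid": "office-only", "Effect": "Allow", "Principal": {"ID": ["*"]},
   "Action": ["GetObject"], "Resource": ["example-bucket/*"],
   "Condition": {"IpAddress": {"SourceIp": ["203.0.113.10"]}}},
  {"Sid": "all-but-one", "Effect": "Allow",
   "NotPrincipal": {"ID": ["EXAMPLE_USER_ID"]},
   "Action": ["GetObject"], "Resource": ["example-bucket/*"]},
  {"Sid": "named-user", "Effect": "Allow",
   "Principal": {"ID": ["EXAMPLE_USER_ID"]},
   "Action": ["PutObject"], "Resource": ["example-bucket/*"]}
]}
""")

def principal_ids(value):
    """Flatten a principal given as a string, a list, or a dict of lists."""
    if isinstance(value, str):
        return [value]
    if isinstance(value, dict):
        value = list(value.values())
    return [i for v in (value or []) for i in principal_ids(v)]

def has_ip_restriction(stmt):
    """True if any condition operator constrains the (assumed) SourceIp key."""
    cond = stmt.get("Condition") or {}
    return any("SourceIp" in keys for keys in cond.values() if isinstance(keys, dict))

def audit(policy):
    """Return (Sid, finding) pairs for Allow statements with a broad principal."""
    findings = []
    for n, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in principal_ids(stmt.get("Principal")):
            scope = "anonymous"      # Principal set to Anonymous user
        elif "NotPrincipal" in stmt:
            scope = "exclude"        # applies to everyone except the listed users
        else:
            continue                 # named users only: not flagged
        suffix = "ip-restricted" if has_ip_restriction(stmt) else "unrestricted"
        findings.append((stmt.get("Sid", f"statement-{n}"), f"{scope}-{suffix}"))
    return findings
```

Statements reported as `anonymous-unrestricted` or `exclude-unrestricted` are the ones to review first against the caution above.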