amazon web services - AWS Trust Policy Has prohibited field Principal

Question

I'm trying to create an IAM role and assign it to an EC2 instance according to Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI.

The policy looks like below:

{
 "Version": "2012-10-17",
 "Statement": [
 {
    "Effect": "Allow",
    "Principal": {
    "Service": "ec2.amazonaws.com"
    },
    "Action": "sts:AssumeRole"
  }
 ]

}

But it gives this error:

This policy contains the following error: Has prohibited field Principal

There is a similar question here but it couldn't fix this issue.

Any help would be appreciated.

Answer 1

Faced the same issue when trying to update the "Trust Relationship" Or same known as "Trust Policy". "Principal" comes to play only in "Trust Policy". May be by mistake you are updating normal policy falling under the permissions tab. Try updating the policy under "Trust Relationships" tab as below:

    {
      "Version": "2012-10-17",
      "Statement": [
      {
         "Effect": "Allow",
         "Principal": {
           "Service": [
           "ec2.amazonaws.com",
           "lambda.amazonaws.com"
           ]
          },
         "Action": "sts:AssumeRole"
       }
     ] 
   }