Service account access for AWS dynamodb

unable to provide service account access to dynamodb.

below is code:

resource “aws_iam_policy” dynamodb {
name = “policy name”
policy = <<POLICY
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Action”: [“dynamodb:*”],
“Principal”: {“AWS”: [“arn:aws:iam::${var.account}:user/” ] },
“Resource”: [ “<dynamo_db_arn>”],
“Effect”: “Allow”
}
]
}
POLICY
}

resource “aws_iam_role_policy_attachment” dynamodb {
role = data.terraform_remote_state.remote_state_iam.outputs.app_execution_name
policy_arn = aws_iam_policy.dynamodb.arn
}

below is the error i see while executing above code:
Error: error updating IAM policy arn:aws:iam:::policy/dynamodb: MalformedPolicyDocument: Policy document should not specify a principal.
status code: 400, request id: 6d2b83e9-2b33-4660-a7d1-83e08aa5f6c1