- 新しい順
- 投票が多い順
- コメントが多い順
I understand that with the bucket policy listed above, you are locked out. To solve this problem, you need to use your root user credentials and follow steps as below:
-
export AWS_DEFAULT_REGION= <region_name>
-
export AWS_ACCESS_KEY_ID="ROOT_ACCESS_KEY_ID"
-
export AWS_SECRET_ACCESS_KEY="ROOT_SECRET_KEY_ID"
-
aws s3api delete-bucket-policy --bucket s3-bucket-name
Note: For windows use "set" instead of "export" while using CLI
This would delete the s3 bucket policy and you should be able to access the bucket. Next thing to make sure when you put bucket policy is, never add all the actions in deny statement, unless you are not sure what each of those action does exactly.
You can start with something like this and then start tweaking it further to add securetransport condition in second block(listed below), this policy would make sure that you always have access to the bucket to perform actions on it and you are not locked out.
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "<your user arn or role arn would come here>"
},
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::bucket_name",
"arn:aws:s3:::bucket_name/*"
]
},
{
"Effect": "Deny",
"NotPrincipal": {
"AWS": "<your user arn or role arn would come here>"
},
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::bucket_name",
"arn:aws:s3:::bucket_name/*"
]
}
]
}
Hello, Mentioned policy is to only allow encrypted connections via HTTPS and restricting HTTP requests from accessing your bucket. Can you please elaborate more what it means by locked out or asking root access. Any errors ?
