Hi,
We are not able to delete a S3 bucket - even as root user or an IAM user with FullS3Access permissions. Neither able to list the objects within this bucket nor empty the bucket. We are not able to find out who the owner of this bucket either.
Is there any other way to delete this bucket being the root user or IAM user with FullAdmin Access ?
The bucket policy looks like this
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "",
"Action": [
"s3:Get",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::pol-ctrl",
"arn:aws:s3:::pol-ctrl/"
]
},
{
"Effect": "Deny",
"Principal": "",
"Action": "s3:",
"Resource": [
"arn:aws:s3:::pol-ctrl",
"arn:aws:s3:::pol-ctrl/"
],
"Condition": {
"StringNotLike": {
"aws:userId": [
"AROAZJDZU5QSGDLXTQ37J:*",
"AIDAIX4VQCCS2IDFS6LOK",
"AIDAZJDZU5QSKQAGUZ4XJ",
"AIDAZJDZU5QSAOPHO4NI2",
"AIDAJFUCG36HXSSD5E4AA",
"AIDAZJDZU5QSAZRPTZBOZ",
"AIDAZJDZU5QSH6S2KG3DM",
"111111111111"
]
}
}
}
]
}
Getting the following error when logged in as root user.
You don't have permission to view Object ownership (bucket settings) configuration
You need s3:GetBucketOwnershipControls to view Object ownership (bucket settings) configuration. Learn more about Object ownership in Amazon S3
Thanks,
Vijay
AWS 공식업데이트됨 2년 전
Thanks for the quick response David. That worked perfectly.
Thanks David. I had to delete the bucket policy, then go to Block Public Access and uncheck some of the settings there. When I came back, I was able to edit the Bucket Policy and again to allow access. That worked and I was able to delete this bucket.
Based on the error message you received, it looks like you don't have the necessary permissions to edit the bucket policy, or the existing policy conflicts with the Block Public Access settings. To edit the bucket policy, you need the s3:PutBucketPolicy permission.
Additionally, the Deny statement in your bucket policy is blocking all access ("Principal": "") to the "vigilant-pol" bucket ("Resource": ["arn:aws:s3:::vigilant-pol", "arn:aws:s3:::vigilant-pol/"]) except for specific AWS user IDs ("aws:userId" condition).
You must ensure that you have the required permissions as a user to modify the bucket policy. If you are certain you have the necessary permissions, you can try removing the Deny statement or modifying it to allow the desired access. Make sure to review your Block Public Access settings as well to ensure they align with your intended policy changes. To modify the bucket policy in such cases, you need to either disable or adjust the Block Public Access settings to allow the desired level of access. However, it's important to carefully evaluate the security implications and only make changes that align with your security requirements and policies.
I'm glad that I could help you.