We are ALL denied access to EVERYTHING

Question

Ugh so instead of saving the new policy I was creating to attach to an EC2 instance to prevent it from being able to access anything except one S3 bucket, AWS saved the DENY policy ([here](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_deny-except-bucket.html)) to an existing S3 policy that is applied to grant access to S3 to ALL the admins, so now NOBODY can access ANYTHING on AWS. I can't even submit a support ticket (that we're paying for). How do we undo this? Thanks!

Accepted Answer

You can recover access using the account root user: https://repost.aws/knowledge-center/s3-accidentally-denied-access

You can also use the root user to edit IAM permissions. Incidentally, we strongly recommend that you enable multi-factor authentication for the root user so that this power is not abused.

We are ALL denied access to EVERYTHING

Conteúdo relevante