AWS S3 Permission Configuration Error (TLS 1.3)

0

I am facing a critical issue with my AWS S3 permissions.

I made an error in configuring the permissions, and as a result, I have lost the ability to manage permissions for my S3 bucket.

Initially, I attempted to configure the S3 permission conditions to enforce a minimum TLS version of 1.2, following the guidelines provided in this article: https://repost.aws/knowledge-center/s3-enforce-modern-tls . However, during a testing phase, I mistakenly adjusted the permissions to require a minimum TLS version of "not less than 1.3."

This has led to a significant issue as most web browsers, including Safari, Edge, and Chrome, as well as the AWS CLI console, primarily utilize TLS version 1.2. Consequently, I am currently unable to access my S3 bucket.

I have attached the misconfigured permission settings for your reference. By now, I cannot access the permission page of my bucket anymore. How do I fix this?

Thank you!

2 Answers
1
Accepted Answer

Hello.

If you do not have access to your S3 bucket, please follow the documentation below to change the bucket policy after logging in as the root user of your AWS account.
https://repost.aws/knowledge-center/s3-accidentally-denied-access

You can log in as the AWS root user by following the steps in the document below.
https://docs.aws.amazon.com/signin/latest/userguide/introduction-to-root-user-sign-in-tutorial.html

EXPERT
answered 9 months ago
AWS EXPERT
reviewed 9 months ago
  • No, I created this bucket by myself. I think the AWS API uses TLS 1.2, so it is not able to call the API.

  • AWS root user cannot restrict operations even with S3 bucket policies. Therefore, if you are an AWS root user, you can edit the S3 bucket policy.
    What you are currently using is an IAM user. AWS root user is separate from IAM user. https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html#root-user-vs-iam
    If you are logged in as the root user, you can view and edit the bucket policy as shown below.

0

To reproduce the problem,

  1. create a bucket
  2. edit the permission to be the same as the question (edit the path to be your bucket name)
  3. then you will not be able to edit the permission or delete the bucket anymore.


answered 9 months ago
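
A pre-deployment check for the lockout discussed in this thread, as an added example that is not part of any post above: it scans a bucket policy for Deny statements on `s3:TlsVersion` and reports which policy-management actions they would block for the TLS versions your clients negotiate. The sample policy, the `EXAMPLE-BUCKET` name, the function names and the client TLS list are constructed assumptions; the evaluation is deliberately simplified, as noted in the docstring.

```python
import fnmatch

# Actions needed to read or repair a bucket policy; losing them is the lockout.
POLICY_ACTIONS = ("s3:GetBucketPolicy", "s3:PutBucketPolicy", "s3:DeleteBucketPolicy")

# Operators that deny requests whose s3:TlsVersion is below a threshold.
NUMERIC_OPS = {
    "numericlessthan": lambda v, t: v < t,
    "numericlessthanequals": lambda v, t: v <= t,
}

def _as_list(x):
    return x if isinstance(x, list) else [x]

def tls_lockouts(policy, client_tls_versions):
    """Return (sid, tls_version, action) for every policy-management action a
    Deny statement blocks for a client negotiating that TLS version.
    Simplification: only Effect, Action and the TLS condition are evaluated;
    Principal, Resource, NotAction and other condition keys are ignored."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        denied = [a for a in POLICY_ACTIONS
                  if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]
        for op, keys in stmt.get("Condition", {}).items():
            test = NUMERIC_OPS.get(op.lower())
            for key, raw in keys.items():
                if test is None or key.lower() != "s3:tlsversion":
                    continue
                thresholds = [float(t) for t in _as_list(raw)]
                for tls in client_tls_versions:
                    if any(test(tls, t) for t in thresholds):
                        findings += [(stmt.get("Sid", "?"), tls, a) for a in denied]
    return findings

def make_policy(min_tls):
    # Constructed sample modelled on the thread's description; bucket name is a placeholder.
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "EnforceTLS", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": ["arn:aws:s3:::EXAMPLE-BUCKET", "arn:aws:s3:::EXAMPLE-BUCKET/*"],
        "Condition": {"NumericLessThan": {"s3:TlsVersion": min_tls}}}]}

if __name__ == "__main__":
    # Client TLS versions are an assumption; list what your tools actually negotiate.
    for minimum in (1.2, 1.3):
        hits = tls_lockouts(make_policy(minimum), [1.2])
        print(f"minimum {minimum}: {len(hits)} policy-management actions denied over TLS 1.2")
```

Because unevaluated conditions are ignored, the check errs toward reporting a lockout; an empty result for every TLS version your console, CLI and SDK clients use is the signal that the policy is safe to apply.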
