By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Not able to delete a S3 bucket

0

Hi, We are not able to delete a S3 bucket - even as root user or an IAM user with FullS3Access permissions. Neither able to list the objects within this bucket nor empty the bucket. We are not able to find out who the owner of this bucket either. Is there any other way to delete this bucket being the root user or IAM user with FullAdmin Access ?

The bucket policy looks like this

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": "", "Action": [ "s3:Get", "s3:List*" ], "Resource": [ "arn:aws:s3:::pol-ctrl", "arn:aws:s3:::pol-ctrl/" ] }, { "Effect": "Deny", "Principal": "", "Action": "s3:", "Resource": [ "arn:aws:s3:::pol-ctrl", "arn:aws:s3:::pol-ctrl/" ], "Condition": { "StringNotLike": { "aws:userId": [ "AROAZJDZU5QSGDLXTQ37J:*", "AIDAIX4VQCCS2IDFS6LOK", "AIDAZJDZU5QSKQAGUZ4XJ", "AIDAZJDZU5QSAOPHO4NI2", "AIDAJFUCG36HXSSD5E4AA", "AIDAZJDZU5QSAZRPTZBOZ", "AIDAZJDZU5QSH6S2KG3DM", "111111111111" ] } } } ] }

Getting the following error when logged in as root user.

You don't have permission to view Object ownership (bucket settings) configuration You need s3:GetBucketOwnershipControls to view Object ownership (bucket settings) configuration. Learn more about Object ownership in Amazon S3

Thanks, Vijay

Topics
Storage
Tags
S3 Object Lock
Language
English
rePost-User-1270551
asked a year ago447 views
1 Answer
0
Accepted Answer

Based on the provided information, it seems that the bucket policy is configured to deny all actions on the bucket, including listing objects and deleting the bucket itself. This policy is designed to restrict access to specific users or AWS accounts. Modify the bucket policy: Update the bucket policy to remove the "Deny" statement that prevents deletion. The modified policy should allow the necessary permissions to delete the bucket. You can also visit this part of the documentation: Verifying a bucket owner to check the bucket owner.

AWS
David C
answered a year ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed a year ago
  • rePost-User-1270551
    a year ago

    Thanks for the quick response David. That worked perfectly.

  • rePost-User-1270551
    a year ago

    Thanks David. I had to delete the bucket policy, then go to Block Public Access and uncheck some of the settings there. When I came back, I was able to edit the Bucket Policy and again to allow access. That worked and I was able to delete this bucket.

  • David C
    a year ago

    Based on the error message you received, it looks like you don't have the necessary permissions to edit the bucket policy, or the existing policy conflicts with the Block Public Access settings. To edit the bucket policy, you need the s3:PutBucketPolicy permission.

    Additionally, the Deny statement in your bucket policy is blocking all access ("Principal": "") to the "vigilant-pol" bucket ("Resource": ["arn:aws:s3:::vigilant-pol", "arn:aws:s3:::vigilant-pol/"]) except for specific AWS user IDs ("aws:userId" condition).

    You must ensure that you have the required permissions as a user to modify the bucket policy. If you are certain you have the necessary permissions, you can try removing the Deny statement or modifying it to allow the desired access. Make sure to review your Block Public Access settings as well to ensure they align with your intended policy changes. To modify the bucket policy in such cases, you need to either disable or adjust the Block Public Access settings to allow the desired level of access. However, it's important to carefully evaluate the security implications and only make changes that align with your security requirements and policies.

  • David C
    a year ago

    I'm glad that I could help you.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content