How then can I make it so old dev can't access the buckets?
From AWS CLI, run: aws s3api get-bucket-acl --bucket <bucket> --profile <cli_profile_name>
You'll get the display name of the old developer.
If the old developer's IAM user is deleted and all the associated IAM access/secret keys have been disabled/deleted, there are no temp credentials associated with that user, he/she won't be able to access the bucket.
If that user used a federated IAM role, then I assume with his departure, his federated access would also have been revoked, so he/she can't access the bucket.
If this user still exists and is supposed to exist in the account but you don't want this user to access the bucket, then you can add a bucket policy to explicitly deny that user.
Comment here if you have additional questions, happy to help.
Do you have any additional questions?
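The two checks from the answer above, as an added example that is not part of the original answer: it lists ACL grants held by anyone other than the bucket owner, then builds the explicit-deny bucket policy for one IAM user. The sample ACL, the bucket name `example-bucket`, the account ID `111122223333` and the user name `old-dev` are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws s3api get-bucket-acl` output; IDs are placeholders.
SAMPLE_ACL = {
    "Owner": {"DisplayName": "current-owner", "ID": "OWNER_CANONICAL_ID_PLACEHOLDER"},
    "Grants": [
        {"Grantee": {"DisplayName": "current-owner", "ID": "OWNER_CANONICAL_ID_PLACEHOLDER",
                     "Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"DisplayName": "old-dev", "ID": "OTHER_CANONICAL_ID_PLACEHOLDER",
                     "Type": "CanonicalUser"}, "Permission": "READ"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

def non_owner_grants(acl):
    """Return (grantee, permission) for every ACL grant not held by the bucket owner."""
    owner_id = acl["Owner"]["ID"]
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant["Grantee"]
        if grantee.get("Type") == "CanonicalUser" and grantee.get("ID") == owner_id:
            continue  # the owner's own grant is expected
        label = grantee.get("DisplayName") or grantee.get("URI") or grantee.get("ID")
        found.append((label, grant["Permission"]))
    return found

def deny_user_policy(bucket, user_arn):
    """Build a bucket policy that explicitly denies every S3 action to one IAM user."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyFormerDeveloper",
            "Effect": "Deny",
            "Principal": {"AWS": user_arn},
            "Action": "s3:*",
            # Bucket-level and object-level actions need both resource forms.
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }

if __name__ == "__main__":
    for who, perm in non_owner_grants(SAMPLE_ACL):
        print(f"review ACL grant: {who} -> {perm}")
    policy = deny_user_policy("example-bucket", "arn:aws:iam::111122223333:user/old-dev")
    print(json.dumps(policy, indent=2))
```

`aws s3api put-bucket-policy` replaces the bucket's whole policy, so merge this statement into any existing policy before applying it. The user named in `Principal` has to exist when the policy is saved.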