I've created a bucket with the following policy:
{
'Version': '2008-10-17',
'Statement': [{
'Sid': 'eb-58950a8c-feb6-11e2-89e0-0800277d041bc',
'Effect': 'Deny',
'Principal': {
'AWS': '*'
},
'Action': '*',
'Resource': bucket.attrArn
}]
}
which restricts any action on the bucket.
Now I can't do anything with it as any user (which is expected) but also as root (which is a surprise for me). I have Organizations and SCP with full access attached to a root account.
Is there a way to delete the bucket now or should I reach out to support?
I was able to delete bucket policy (and access bucket afterwards) with root account and aws cli. To do so you need:
aws s3api delete-bucket-policy --bucket bucket-name
as rootfrom the Administrator account I got An error occurred (AccessDenied) when calling the DeleteBucketPolicy operation: Access Denied